[Bug 1201216] New: VUL-0: chromium: multiple security issues fixed in 103.0.5060.114
https://bugzilla.suse.com/show_bug.cgi?id=1201216

Bug ID: 1201216
Summary: VUL-0: chromium: multiple security issues fixed in 103.0.5060.114
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: gmbr3@opensuse.org
Reporter: gabriele.sonnu@suse.com
QA Contact: security-team@suse.de
CC: Andreas.Stieger@gmx.de
Found By: ---
Blocker: ---

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
[$7500][1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
[$3000][1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2022-2294 exists in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[1338205] Various fixes from internal audits, fuzzing and other initiatives

--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1201216
Gabriele Sonnu
https://bugzilla.suse.com/show_bug.cgi?id=1201216
Maintenance Robot
https://bugzilla.suse.com/show_bug.cgi?id=1201216
Carlos López
https://bugzilla.suse.com/show_bug.cgi?id=1201216
Marcus Meissner
https://bugzilla.suse.com/show_bug.cgi?id=1201216
https://bugzilla.suse.com/show_bug.cgi?id=1201216#c1
--- Comment #1 from Callum Farmer
https://bugzilla.suse.com/show_bug.cgi?id=1201216
https://bugzilla.suse.com/show_bug.cgi?id=1201216#c2
Gabriele Sonnu
https://bugzilla.suse.com/show_bug.cgi?id=1201216
https://bugzilla.suse.com/show_bug.cgi?id=1201216#c3
Callum Farmer
Callum: https://commondatastorage.googleapis.com/chromium-browser-official seems to contain only up to chromium 101. Not sure where to get the most recent tarballs. Andreas, can you help here?
Ignore the data, it is always wrong and getting the current tarball still works.
https://bugzilla.suse.com/show_bug.cgi?id=1201216
https://bugzilla.suse.com/show_bug.cgi?id=1201216#c4
Gabriele Sonnu
https://bugzilla.suse.com/show_bug.cgi?id=1201216
https://bugzilla.suse.com/show_bug.cgi?id=1201216#c5
--- Comment #5 from Gabriele Sonnu
https://bugzilla.suse.com/show_bug.cgi?id=1201216
https://bugzilla.suse.com/show_bug.cgi?id=1201216#c11
--- Comment #11 from Swamp Workflow Management