openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0112-1 Rating: important References: #1194511 #1194512 #1194513 #1194514 #1197680 #1198053 #1198361 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-1125 CVE-2022-1127 CVE-2022-1128 CVE-2022-1129 CVE-2022-1130 CVE-2022-1131 CVE-2022-1132 CVE-2022-1133 CVE-2022-1134 CVE-2022-1135 CVE-2022-1136 CVE-2022-1137 CVE-2022-1138 CVE-2022-1139 CVE-2022-1141 CVE-2022-1142 CVE-2022-1143 CVE-2022-1144 CVE-2022-1145 CVE-2022-1146 CVE-2022-1232 CVE-2022-1305 CVE-2022-1306 CVE-2022-1307 CVE-2022-1308 CVE-2022-1309 CVE-2022-1310 CVE-2022-1311 CVE-2022-1312 CVE-2022-1313 CVE-2022-1314 CVE-2022-21824 CVSS scores: CVE-2021-44531 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 35 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Updated to Chromium 100.0.4896.88 (boo#1198361) - CVE-2022-1305: Use after free in storage - CVE-2022-1306: Inappropriate implementation in compositing - CVE-2022-1307: Inappropriate implementation in full screen - CVE-2022-1308: Use after free in BFCache - CVE-2022-1309: Insufficient policy enforcement in developer tools - CVE-2022-1310: Use after free in regular expressions - CVE-2022-1311: Use after free in Chrome OS shell - CVE-2022-1312: Use after free in storage - CVE-2022-1313: Use after free in tab groups - CVE-2022-1314: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives Updated to version 100.0.4896.75: - CVE-2022-1232: Type Confusion in V8 (boo#1198053) Update to version 100.0.4896.60 (boo#1197680): - CVE-2022-1125: Use after free in Portals - CVE-2022-1127: Use after free in QR Code Generator - CVE-2022-1128: Inappropriate implementation in Web Share API - CVE-2022-1129: Inappropriate implementation in Full Screen Mode - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP - CVE-2022-1131: Use after free in Cast UI - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard - CVE-2022-1133: Use after free in WebRTC - CVE-2022-1134: Type Confusion in V8 - CVE-2022-1135: Use after free in Shopping Cart - CVE-2022-1136: Use after free in Tab Strip - CVE-2022-1137: Inappropriate implementation in Extensions - CVE-2022-1138: Inappropriate implementation in Web Cursor - CVE-2022-1139: Inappropriate implementation in Background Fetch API - CVE-2022-1141: Use after free in File Manager - CVE-2022-1142: Heap buffer overflow in WebUI - CVE-2022-1143: Heap buffer overflow in WebUI - CVE-2022-1144: Use after free in WebUI - CVE-2022-1145: Use after free in Extensions - CVE-2022-1146: Inappropriate implementation in Resource Timing Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-112=1 - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-112=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.3-15.24.1 nodejs14-debuginfo-14.18.3-15.24.1 nodejs14-debugsource-14.18.3-15.24.1 nodejs14-devel-14.18.3-15.24.1 npm14-14.18.3-15.24.1 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.18.3-15.24.1 - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-100.0.4896.88-bp153.2.82.1 chromedriver-debuginfo-100.0.4896.88-bp153.2.82.1 chromium-100.0.4896.88-bp153.2.82.1 chromium-debuginfo-100.0.4896.88-bp153.2.82.1 References: https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-1125.html https://www.suse.com/security/cve/CVE-2022-1127.html https://www.suse.com/security/cve/CVE-2022-1128.html https://www.suse.com/security/cve/CVE-2022-1129.html https://www.suse.com/security/cve/CVE-2022-1130.html https://www.suse.com/security/cve/CVE-2022-1131.html https://www.suse.com/security/cve/CVE-2022-1132.html https://www.suse.com/security/cve/CVE-2022-1133.html https://www.suse.com/security/cve/CVE-2022-1134.html https://www.suse.com/security/cve/CVE-2022-1135.html https://www.suse.com/security/cve/CVE-2022-1136.html https://www.suse.com/security/cve/CVE-2022-1137.html https://www.suse.com/security/cve/CVE-2022-1138.html https://www.suse.com/security/cve/CVE-2022-1139.html https://www.suse.com/security/cve/CVE-2022-1141.html https://www.suse.com/security/cve/CVE-2022-1142.html https://www.suse.com/security/cve/CVE-2022-1143.html https://www.suse.com/security/cve/CVE-2022-1144.html https://www.suse.com/security/cve/CVE-2022-1145.html https://www.suse.com/security/cve/CVE-2022-1146.html https://www.suse.com/security/cve/CVE-2022-1232.html https://www.suse.com/security/cve/CVE-2022-1305.html https://www.suse.com/security/cve/CVE-2022-1306.html https://www.suse.com/security/cve/CVE-2022-1307.html https://www.suse.com/security/cve/CVE-2022-1308.html https://www.suse.com/security/cve/CVE-2022-1309.html https://www.suse.com/security/cve/CVE-2022-1310.html https://www.suse.com/security/cve/CVE-2022-1311.html https://www.suse.com/security/cve/CVE-2022-1312.html https://www.suse.com/security/cve/CVE-2022-1313.html https://www.suse.com/security/cve/CVE-2022-1314.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 https://bugzilla.suse.com/1197680 https://bugzilla.suse.com/1198053 https://bugzilla.suse.com/1198361