openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0042-1 Rating: important References: #1195986 Cross-References: CVE-2022-0603 CVE-2022-0604 CVE-2022-0605 CVE-2022-0606 CVE-2022-0607 CVE-2022-0608 CVE-2022-0609 CVE-2022-0610 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Chromium 98.0.4758.102 (boo#1195986) * CVE-2022-0603: Use after free in File Manager * CVE-2022-0604: Heap buffer overflow in Tab Groups * CVE-2022-0605: Use after free in Webstore API * CVE-2022-0606: Use after free in ANGLE * CVE-2022-0607: Use after free in GPU * CVE-2022-0608: Integer overflow in Mojo * CVE-2022-0609: Use after free in Animation * CVE-2022-0610: Inappropriate implementation in Gamepad API * Various fixes from internal audits, fuzzing and other initiatives Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-42=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 x86_64): chromedriver-98.0.4758.102-bp153.2.63.1 chromium-98.0.4758.102-bp153.2.63.1 References: https://www.suse.com/security/cve/CVE-2022-0603.html https://www.suse.com/security/cve/CVE-2022-0604.html https://www.suse.com/security/cve/CVE-2022-0605.html https://www.suse.com/security/cve/CVE-2022-0606.html https://www.suse.com/security/cve/CVE-2022-0607.html https://www.suse.com/security/cve/CVE-2022-0608.html https://www.suse.com/security/cve/CVE-2022-0609.html https://www.suse.com/security/cve/CVE-2022-0610.html https://bugzilla.suse.com/1195986