openSUSE-SU-2022:0112-1: important: Security update for chromium

13 Apr 2022

      openSUSE Security Update: Security update for chromium
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0112-1
Rating:             important
References:         #1194511 #1194512 #1194513 #1194514 #1197680 
                    #1198053 #1198361 
Cross-References:   CVE-2021-44531 CVE-2021-44532 CVE-2021-44533
                    CVE-2022-1125 CVE-2022-1127 CVE-2022-1128
                    CVE-2022-1129 CVE-2022-1130 CVE-2022-1131
                    CVE-2022-1132 CVE-2022-1133 CVE-2022-1134
                    CVE-2022-1135 CVE-2022-1136 CVE-2022-1137
                    CVE-2022-1138 CVE-2022-1139 CVE-2022-1141
                    CVE-2022-1142 CVE-2022-1143 CVE-2022-1144
                    CVE-2022-1145 CVE-2022-1146 CVE-2022-1232
                    CVE-2022-1305 CVE-2022-1306 CVE-2022-1307
                    CVE-2022-1308 CVE-2022-1309 CVE-2022-1310
                    CVE-2022-1311 CVE-2022-1312 CVE-2022-1313
                    CVE-2022-1314 CVE-2022-21824
CVSS scores:
                    CVE-2021-44531 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44532 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44533 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:
                    openSUSE Backports SLE-15-SP3
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that fixes 35 vulnerabilities is now available.

Description:

   This update for chromium fixes the following issues:

   Updated to Chromium 100.0.4896.88 (boo#1198361)

   - CVE-2022-1305: Use after free in storage
   - CVE-2022-1306: Inappropriate implementation in compositing
   - CVE-2022-1307: Inappropriate implementation in full screen
   - CVE-2022-1308: Use after free in BFCache
   - CVE-2022-1309: Insufficient policy enforcement in developer tools
   - CVE-2022-1310: Use after free in regular expressions
   - CVE-2022-1311: Use after free in Chrome OS shell
   - CVE-2022-1312: Use after free in storage
   - CVE-2022-1313: Use after free in tab groups
   - CVE-2022-1314: Type Confusion in V8
   - Various fixes from internal audits, fuzzing and other initiatives

   Updated to version 100.0.4896.75:

   - CVE-2022-1232: Type Confusion in V8 (boo#1198053)

   Update to version 100.0.4896.60 (boo#1197680):

   - CVE-2022-1125: Use after free in Portals
   - CVE-2022-1127: Use after free in QR Code Generator
   - CVE-2022-1128: Inappropriate implementation in Web Share API
   - CVE-2022-1129: Inappropriate implementation in Full Screen Mode
   - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
   - CVE-2022-1131: Use after free in Cast UI
   - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
   - CVE-2022-1133: Use after free in WebRTC
   - CVE-2022-1134: Type Confusion in V8
   - CVE-2022-1135: Use after free in Shopping Cart
   - CVE-2022-1136: Use after free in Tab Strip
   - CVE-2022-1137: Inappropriate implementation in Extensions
   - CVE-2022-1138: Inappropriate implementation in Web Cursor
   - CVE-2022-1139: Inappropriate implementation in Background Fetch API
   - CVE-2022-1141: Use after free in File Manager
   - CVE-2022-1142: Heap buffer overflow in WebUI
   - CVE-2022-1143: Heap buffer overflow in WebUI
   - CVE-2022-1144: Use after free in WebUI
   - CVE-2022-1145: Use after free in Extensions
   - CVE-2022-1146: Inappropriate implementation in Resource Timing

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-112=1

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-112=1

Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      nodejs14-14.18.3-15.24.1
      nodejs14-debuginfo-14.18.3-15.24.1
      nodejs14-debugsource-14.18.3-15.24.1
      nodejs14-devel-14.18.3-15.24.1
      npm14-14.18.3-15.24.1

   - openSUSE Leap 15.3 (noarch):

      nodejs14-docs-14.18.3-15.24.1

   - openSUSE Backports SLE-15-SP3 (aarch64 x86_64):

      chromedriver-100.0.4896.88-bp153.2.82.1
      chromedriver-debuginfo-100.0.4896.88-bp153.2.82.1
      chromium-100.0.4896.88-bp153.2.82.1
      chromium-debuginfo-100.0.4896.88-bp153.2.82.1

References:

   https://www.suse.com/security/cve/CVE-2021-44531.html
   https://www.suse.com/security/cve/CVE-2021-44532.html
   https://www.suse.com/security/cve/CVE-2021-44533.html
   https://www.suse.com/security/cve/CVE-2022-1125.html
   https://www.suse.com/security/cve/CVE-2022-1127.html
   https://www.suse.com/security/cve/CVE-2022-1128.html
   https://www.suse.com/security/cve/CVE-2022-1129.html
   https://www.suse.com/security/cve/CVE-2022-1130.html
   https://www.suse.com/security/cve/CVE-2022-1131.html
   https://www.suse.com/security/cve/CVE-2022-1132.html
   https://www.suse.com/security/cve/CVE-2022-1133.html
   https://www.suse.com/security/cve/CVE-2022-1134.html
   https://www.suse.com/security/cve/CVE-2022-1135.html
   https://www.suse.com/security/cve/CVE-2022-1136.html
   https://www.suse.com/security/cve/CVE-2022-1137.html
   https://www.suse.com/security/cve/CVE-2022-1138.html
   https://www.suse.com/security/cve/CVE-2022-1139.html
   https://www.suse.com/security/cve/CVE-2022-1141.html
   https://www.suse.com/security/cve/CVE-2022-1142.html
   https://www.suse.com/security/cve/CVE-2022-1143.html
   https://www.suse.com/security/cve/CVE-2022-1144.html
   https://www.suse.com/security/cve/CVE-2022-1145.html
   https://www.suse.com/security/cve/CVE-2022-1146.html
   https://www.suse.com/security/cve/CVE-2022-1232.html
   https://www.suse.com/security/cve/CVE-2022-1305.html
   https://www.suse.com/security/cve/CVE-2022-1306.html
   https://www.suse.com/security/cve/CVE-2022-1307.html
   https://www.suse.com/security/cve/CVE-2022-1308.html
   https://www.suse.com/security/cve/CVE-2022-1309.html
   https://www.suse.com/security/cve/CVE-2022-1310.html
   https://www.suse.com/security/cve/CVE-2022-1311.html
   https://www.suse.com/security/cve/CVE-2022-1312.html
   https://www.suse.com/security/cve/CVE-2022-1313.html
   https://www.suse.com/security/cve/CVE-2022-1314.html
   https://www.suse.com/security/cve/CVE-2022-21824.html
   https://bugzilla.suse.com/1194511
   https://bugzilla.suse.com/1194512
   https://bugzilla.suse.com/1194513
   https://bugzilla.suse.com/1194514
   https://bugzilla.suse.com/1197680
   https://bugzilla.suse.com/1198053
   https://bugzilla.suse.com/1198361

opensuse-security＠opensuse.org

tags

participants (1)