Bugzilla – Bug 1199893
VUL-0: chromium: multiple security issues fixed in 102.0.5005.61
Last modified: 2022-06-15 19:21:54 UTC
Please submit the new chromium update. [$TBD][1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12 [$10000][1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27 [$7500][1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13 [$3000][1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [$2000][1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11 [$1000][1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07 [$1000][1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05 [$TBD][1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15 [$TBD][1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16 [$5000][1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04 [$5000][1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01 [$5000][1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28 [$3000][1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20 [$3000][1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29 [$3000][1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum on 2022-04-12 [$TBD][1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28 [$NA][1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23 [$TBD][1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06 [$7000][1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21 [$7000][1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26 [$2000][1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11 [$500][1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21 [$500][1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15 [$TBD][1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06
This is an autogenerated message for OBS integration: This bug (1199893) was mentioned in https://build.opensuse.org/request/show/979533 Backports:SLE-15-SP4 / chromium https://build.opensuse.org/request/show/979534 Backports:SLE-15-SP3 / chromium
This is an autogenerated message for OBS integration: This bug (1199893) was mentioned in https://build.opensuse.org/request/show/980325 Backports:SLE-15-SP4 / chromium
This is an autogenerated message for OBS integration: This bug (1199893) was mentioned in https://build.opensuse.org/request/show/980326 Backports:SLE-15-SP3 / chromium
This is an autogenerated message for OBS integration: This bug (1199893) was mentioned in https://build.opensuse.org/request/show/982061 Backports:SLE-15-SP3 / chromium
openSUSE-SU-2022:10009-1: An update that fixes 28 vulnerabilities is now available. Category: security (critical) Bug References: 1199893,1200139,1200423 CVE References: CVE-2022-1853,CVE-2022-1854,CVE-2022-1855,CVE-2022-1856,CVE-2022-1857,CVE-2022-1858,CVE-2022-1859,CVE-2022-1860,CVE-2022-1861,CVE-2022-1862,CVE-2022-1863,CVE-2022-1864,CVE-2022-1865,CVE-2022-1866,CVE-2022-1867,CVE-2022-1868,CVE-2022-1869,CVE-2022-1870,CVE-2022-1871,CVE-2022-1872,CVE-2022-1873,CVE-2022-1874,CVE-2022-1875,CVE-2022-1876,CVE-2022-2007,CVE-2022-2008,CVE-2022-2010,CVE-2022-2011 JIRA References: Sources used: openSUSE Backports SLE-15-SP3 (src): chromium-102.0.5005.115-bp153.2.101.1
done
openSUSE-SU-2022:10005-1: An update that fixes 24 vulnerabilities is now available. Category: security (important) Bug References: 1199893 CVE References: CVE-2022-1853,CVE-2022-1854,CVE-2022-1855,CVE-2022-1856,CVE-2022-1857,CVE-2022-1858,CVE-2022-1859,CVE-2022-1860,CVE-2022-1861,CVE-2022-1862,CVE-2022-1863,CVE-2022-1864,CVE-2022-1865,CVE-2022-1866,CVE-2022-1867,CVE-2022-1868,CVE-2022-1869,CVE-2022-1870,CVE-2022-1871,CVE-2022-1872,CVE-2022-1873,CVE-2022-1874,CVE-2022-1875,CVE-2022-1876 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): chromium-102.0.5005.61-bp154.2.5.3