{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"104.0.5112.79-bp153.2.113.1","chromium":"104.0.5112.79-bp153.2.113.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"104.0.5112.79-bp153.2.113.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"104.0.5112.79-bp153.2.113.1","chromium":"104.0.5112.79-bp153.2.113.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"104.0.5112.79-bp153.2.113.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nChromium 104.0.5112.79 (boo#1202075)\n\n* CVE-2022-2603: Use after free in Omnibox\n* CVE-2022-2604: Use after free in Safe Browsing\n* CVE-2022-2605: Out of bounds read in Dawn\n* CVE-2022-2606: Use after free in Managed devices API\n* CVE-2022-2607: Use after free in Tab Strip\n* CVE-2022-2608: Use after free in Overview Mode\n* CVE-2022-2609: Use after free in Nearby Share\n* CVE-2022-2610: Insufficient policy enforcement in Background Fetch\n* CVE-2022-2611: Inappropriate implementation in Fullscreen API\n* CVE-2022-2612: Side-channel information leakage in Keyboard input\n* CVE-2022-2613: Use after free in Input\n* CVE-2022-2614: Use after free in Sign-In Flow\n* CVE-2022-2615: Insufficient policy enforcement in Cookies\n* CVE-2022-2616: Inappropriate implementation in Extensions API\n* CVE-2022-2617: Use after free in Extensions API\n* CVE-2022-2618: Insufficient validation of untrusted input in Internals\n* CVE-2022-2619: Insufficient validation of untrusted input in Settings\n* CVE-2022-2620: Use after free in WebUI\n* CVE-2022-2621: Use after free in Extensions\n* CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing\n* CVE-2022-2623: Use after free in Offline\n* CVE-2022-2624: Heap buffer overflow in PDF\n\n- Switch back to Clang so that we can use BTI on aarch64\n  * Gold is too old - doesn't understand BTI\n  * LD crashes on aarch64\n- Re-enable LTO\n- Prepare move to FFmpeg 5 for new channel layout\n  (requires 5.1+)\n","id":"openSUSE-SU-2022:10092-1","modified":"2022-08-16T07:43:41Z","published":"2022-08-16T07:43:41Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q6RNQ4ONDRAPKKAAKDX4PXEI5DY7JVBX/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202075"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2603"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2604"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2605"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2606"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2607"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2608"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2609"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2610"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2611"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2612"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2613"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2614"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2615"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2616"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2617"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2618"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2619"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2620"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2621"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2622"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2623"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2624"}],"related":["CVE-2022-2603","CVE-2022-2604","CVE-2022-2605","CVE-2022-2606","CVE-2022-2607","CVE-2022-2608","CVE-2022-2609","CVE-2022-2610","CVE-2022-2611","CVE-2022-2612","CVE-2022-2613","CVE-2022-2614","CVE-2022-2615","CVE-2022-2616","CVE-2022-2617","CVE-2022-2618","CVE-2022-2619","CVE-2022-2620","CVE-2022-2621","CVE-2022-2622","CVE-2022-2623","CVE-2022-2624"],"summary":"Security update for chromium","upstream":["CVE-2022-2603","CVE-2022-2604","CVE-2022-2605","CVE-2022-2606","CVE-2022-2607","CVE-2022-2608","CVE-2022-2609","CVE-2022-2610","CVE-2022-2611","CVE-2022-2612","CVE-2022-2613","CVE-2022-2614","CVE-2022-2615","CVE-2022-2616","CVE-2022-2617","CVE-2022-2618","CVE-2022-2619","CVE-2022-2620","CVE-2022-2621","CVE-2022-2622","CVE-2022-2623","CVE-2022-2624"]}