rpm package
opensuse/chromium&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4
Vulnerabilities (403)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4188 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4187 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4186 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4185 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4184 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4183 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4182 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4181 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4180 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2022-4179 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2022-4178 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4177 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) | ||
| CVE-2022-4176 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Hig | ||
| CVE-2022-4175 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4174 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4135 | — | KEV | < 107.0.5304.121-bp154.2.46.1 | 107.0.5304.121-bp154.2.46.1 | Nov 25, 2022 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2022-3890 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3889 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3888 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3887 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2022-4188Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4187Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4186Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4185Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4184Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4183Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4182Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4181Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-4180Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2022-4179Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2022-4178Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-4177Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
- CVE-2022-4176Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Hig
- CVE-2022-4175Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-4174Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 107.0.5304.121-bp154.2.46.1fixed 107.0.5304.121-bp154.2.46.1
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3890Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3889Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3888Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3887Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 13 of 21