rpm package

opensuse/chromium&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4

Vulnerabilities (403)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-3056	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2022-3055	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3054	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3053	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
CVE-2022-3052	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3051	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3050	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3049	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3048	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.
CVE-2022-3047	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
CVE-2022-3046	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3045	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3044	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2022-3043	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3042	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3041	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3040	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3039	—		< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3038	—	KEV	< 105.0.5195.102-bp154.2.26.1	105.0.5195.102-bp154.2.26.1	Sep 26, 2022	Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2861	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

CVE-2022-3056Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2022-3055Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3054Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3053Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page.
CVE-2022-3052Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3051Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3050Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions.
CVE-2022-3049Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3048Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device.
CVE-2022-3047Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
CVE-2022-3046Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3045Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3044Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVE-2022-3043Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3042Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3041Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3040Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3039Sep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3038KEVSep 26, 2022
affected < 105.0.5195.102-bp154.2.26.1fixed 105.0.5195.102-bp154.2.26.1
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2861Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.

Page 16 of 21