rpm package

opensuse/chromium&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4

Vulnerabilities (403)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-2860	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
CVE-2022-2859	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2858	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
CVE-2022-2857	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2856	—	KEV	< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
CVE-2022-2855	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2854	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3201	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3200	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3199	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3198	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3197	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3196	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3195	—		< 105.0.5195.127-bp154.2.29.1	105.0.5195.127-bp154.2.29.1	Sep 26, 2022	Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-2853	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2852	—		< 104.0.5112.101-bp154.2.23.1	104.0.5112.101-bp154.2.23.1	Sep 26, 2022	Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2624	—		< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
CVE-2022-2623	—		< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2622	—		< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
CVE-2022-2621	—		< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

CVE-2022-2860Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.
CVE-2022-2859Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2858Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
CVE-2022-2857Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2856KEVSep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
CVE-2022-2855Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2854Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3201Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3200Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3199Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3198Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3197Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3196Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3195Sep 26, 2022
affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2022-2853Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2852Sep 26, 2022
affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2624Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
CVE-2022-2623Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2622Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
CVE-2022-2621Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

Page 17 of 21