rpm package

opensuse/chromium&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4

Vulnerabilities (403)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-2620	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2619	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2022-2618	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .
CVE-2022-2617	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2616	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
CVE-2022-2615	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2614	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2613	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2612	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2022-2611	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-2610	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2609	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2608	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2607	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2606	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2605	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2604	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2603	—	< 104.0.5112.79-bp154.2.20.1	104.0.5112.79-bp154.2.20.1	Aug 12, 2022	Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2296	—	< 103.0.5060.114-bp154.2.14.1	103.0.5060.114-bp154.2.14.1	Jul 28, 2022	Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
CVE-2022-2295	—	< 103.0.5060.114-bp154.2.14.1	103.0.5060.114-bp154.2.14.1	Jul 28, 2022	Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2022-2620Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2619Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.
CVE-2022-2618Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .
CVE-2022-2617Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2616Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
CVE-2022-2615Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2614Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2613Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2612Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2022-2611Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-2610Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-2609Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2608Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2607Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2606Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2605Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2604Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2603Aug 12, 2022
affected < 104.0.5112.79-bp154.2.20.1fixed 104.0.5112.79-bp154.2.20.1
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2296Jul 28, 2022
affected < 103.0.5060.114-bp154.2.14.1fixed 103.0.5060.114-bp154.2.14.1
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
CVE-2022-2295Jul 28, 2022
affected < 103.0.5060.114-bp154.2.14.1fixed 103.0.5060.114-bp154.2.14.1
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Page 18 of 21