rpm package
opensuse/chromium&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4
Vulnerabilities (403)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2459 | — | < 113.0.5672.126-bp154.2.87.1 | 113.0.5672.126-bp154.2.87.1 | May 2, 2023 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2137 | — | < 112.0.5615.165-bp154.2.84.1 | 112.0.5615.165-bp154.2.84.1 | Apr 19, 2023 | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2136 | — | KEV | < 112.0.5615.165-bp154.2.84.1 | 112.0.5615.165-bp154.2.84.1 | Apr 19, 2023 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-2135 | — | < 112.0.5615.165-bp154.2.84.1 | 112.0.5615.165-bp154.2.84.1 | Apr 19, 2023 | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2134 | — | < 112.0.5615.165-bp154.2.84.1 | 112.0.5615.165-bp154.2.84.1 | Apr 19, 2023 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2133 | — | < 112.0.5615.165-bp154.2.84.1 | 112.0.5615.165-bp154.2.84.1 | Apr 19, 2023 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2033 | — | KEV | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 14, 2023 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-1823 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-1822 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-1821 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2023-1820 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1819 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1818 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1817 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1816 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1815 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1814 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1813 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1812 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-1811 | — | < 112.0.5615.121-bp154.2.79.1 | 112.0.5615.121-bp154.2.79.1 | Apr 4, 2023 | Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2023-2459May 2, 2023affected < 113.0.5672.126-bp154.2.87.1fixed 113.0.5672.126-bp154.2.87.1
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2137Apr 19, 2023affected < 112.0.5615.165-bp154.2.84.1fixed 112.0.5615.165-bp154.2.84.1
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- affected < 112.0.5615.165-bp154.2.84.1fixed 112.0.5615.165-bp154.2.84.1
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2135Apr 19, 2023affected < 112.0.5615.165-bp154.2.84.1fixed 112.0.5615.165-bp154.2.84.1
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2134Apr 19, 2023affected < 112.0.5615.165-bp154.2.84.1fixed 112.0.5615.165-bp154.2.84.1
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2133Apr 19, 2023affected < 112.0.5615.165-bp154.2.84.1fixed 112.0.5615.165-bp154.2.84.1
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-1823Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- CVE-2023-1822Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2023-1821Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
- CVE-2023-1820Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1819Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1818Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1817Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1816Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1815Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1814Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1813Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1812Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1811Apr 4, 2023affected < 112.0.5615.121-bp154.2.79.1fixed 112.0.5615.121-bp154.2.79.1
Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 8 of 21