rpm package
suse/chromium&distro=SUSE Package Hub 15 SP3
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3
Vulnerabilities (505)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4182 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2022-4181 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4180 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2022-4179 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2022-4178 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4177 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) | ||
| CVE-2022-4176 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Hig | ||
| CVE-2022-4175 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4174 | — | < 108.0.5359.71-bp154.2.49.1 | 108.0.5359.71-bp154.2.49.1 | Nov 29, 2022 | Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4135 | — | KEV | < 107.0.5304.121-bp154.2.46.1 | 107.0.5304.121-bp154.2.46.1 | Nov 25, 2022 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2022-3890 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3889 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3888 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3887 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3886 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3885 | — | < 107.0.5304.110-bp154.2.43.1 | 107.0.5304.110-bp154.2.43.1 | Nov 9, 2022 | Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3450 | — | < 106.0.5249.119-bp153.2.128.1 | 106.0.5249.119-bp153.2.128.1 | Nov 9, 2022 | Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3449 | — | < 106.0.5249.119-bp153.2.128.1 | 106.0.5249.119-bp153.2.128.1 | Nov 9, 2022 | Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2022-3448 | — | < 106.0.5249.119-bp153.2.128.1 | 106.0.5249.119-bp153.2.128.1 | Nov 9, 2022 | Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3447 | — | < 106.0.5249.119-bp153.2.128.1 | 106.0.5249.119-bp153.2.128.1 | Nov 9, 2022 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) |
- CVE-2022-4182Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2022-4181Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-4180Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2022-4179Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2022-4178Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-4177Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
- CVE-2022-4176Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Hig
- CVE-2022-4175Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-4174Nov 29, 2022affected < 108.0.5359.71-bp154.2.49.1fixed 108.0.5359.71-bp154.2.49.1
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 107.0.5304.121-bp154.2.46.1fixed 107.0.5304.121-bp154.2.46.1
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3890Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3889Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3888Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3887Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3886Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3885Nov 9, 2022affected < 107.0.5304.110-bp154.2.43.1fixed 107.0.5304.110-bp154.2.43.1
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3450Nov 9, 2022affected < 106.0.5249.119-bp153.2.128.1fixed 106.0.5249.119-bp153.2.128.1
Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3449Nov 9, 2022affected < 106.0.5249.119-bp153.2.128.1fixed 106.0.5249.119-bp153.2.128.1
Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2022-3448Nov 9, 2022affected < 106.0.5249.119-bp153.2.128.1fixed 106.0.5249.119-bp153.2.128.1
Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3447Nov 9, 2022affected < 106.0.5249.119-bp153.2.128.1fixed 106.0.5249.119-bp153.2.128.1
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Page 2 of 26