rpm package
suse/chromium&distro=SUSE Package Hub 15 SP3
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3
Vulnerabilities (505)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2854 | — | < 104.0.5112.101-bp154.2.23.1 | 104.0.5112.101-bp154.2.23.1 | Sep 26, 2022 | Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-3201 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3200 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3199 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-3198 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2022-3197 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2022-3196 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2022-3195 | — | < 105.0.5195.127-bp154.2.29.1 | 105.0.5195.127-bp154.2.29.1 | Sep 26, 2022 | Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-2853 | — | < 104.0.5112.101-bp154.2.23.1 | 104.0.5112.101-bp154.2.23.1 | Sep 26, 2022 | Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-2852 | — | < 104.0.5112.101-bp154.2.23.1 | 104.0.5112.101-bp154.2.23.1 | Sep 26, 2022 | Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2022-2624 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2022-2623 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | ||
| CVE-2022-2622 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | ||
| CVE-2022-2621 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | ||
| CVE-2022-2620 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | ||
| CVE-2022-2619 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | ||
| CVE-2022-2618 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . | ||
| CVE-2022-2617 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | ||
| CVE-2022-2616 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | ||
| CVE-2022-2615 | — | < 104.0.5112.79-bp153.2.113.1 | 104.0.5112.79-bp153.2.113.1 | Aug 12, 2022 | Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
- CVE-2022-2854Sep 26, 2022affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-3201Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3200Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3199Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3198Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2022-3197Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2022-3196Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2022-3195Sep 26, 2022affected < 105.0.5195.127-bp154.2.29.1fixed 105.0.5195.127-bp154.2.29.1
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-2853Sep 26, 2022affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2852Sep 26, 2022affected < 104.0.5112.101-bp154.2.23.1fixed 104.0.5112.101-bp154.2.23.1
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-2624Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
- CVE-2022-2623Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2622Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
- CVE-2022-2621Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2620Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2619Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.
- CVE-2022-2618Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .
- CVE-2022-2617Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.
- CVE-2022-2616Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
- CVE-2022-2615Aug 12, 2022affected < 104.0.5112.79-bp153.2.113.1fixed 104.0.5112.79-bp153.2.113.1
Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Page 6 of 26