chromedriver-97.0.4692.71-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11739 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-97.0.4692.71-1.1 on GA media These are all security issues fixed in the chromedriver-97.0.4692.71-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11739 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11739 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0096/ SUSE CVE CVE-2022-0096 page https://www.suse.com/security/cve/CVE-2022-0097/ SUSE CVE CVE-2022-0097 page https://www.suse.com/security/cve/CVE-2022-0098/ SUSE CVE CVE-2022-0098 page https://www.suse.com/security/cve/CVE-2022-0099/ SUSE CVE CVE-2022-0099 page https://www.suse.com/security/cve/CVE-2022-0100/ SUSE CVE CVE-2022-0100 page https://www.suse.com/security/cve/CVE-2022-0101/ SUSE CVE CVE-2022-0101 page https://www.suse.com/security/cve/CVE-2022-0102/ SUSE CVE CVE-2022-0102 page https://www.suse.com/security/cve/CVE-2022-0103/ SUSE CVE CVE-2022-0103 page https://www.suse.com/security/cve/CVE-2022-0104/ SUSE CVE CVE-2022-0104 page https://www.suse.com/security/cve/CVE-2022-0105/ SUSE CVE CVE-2022-0105 page https://www.suse.com/security/cve/CVE-2022-0106/ SUSE CVE CVE-2022-0106 page https://www.suse.com/security/cve/CVE-2022-0107/ SUSE CVE CVE-2022-0107 page https://www.suse.com/security/cve/CVE-2022-0108/ SUSE CVE CVE-2022-0108 page https://www.suse.com/security/cve/CVE-2022-0109/ SUSE CVE CVE-2022-0109 page https://www.suse.com/security/cve/CVE-2022-0110/ SUSE CVE CVE-2022-0110 page https://www.suse.com/security/cve/CVE-2022-0111/ SUSE CVE CVE-2022-0111 page https://www.suse.com/security/cve/CVE-2022-0112/ SUSE CVE CVE-2022-0112 page https://www.suse.com/security/cve/CVE-2022-0113/ SUSE CVE CVE-2022-0113 page https://www.suse.com/security/cve/CVE-2022-0114/ SUSE CVE CVE-2022-0114 page https://www.suse.com/security/cve/CVE-2022-0115/ SUSE CVE CVE-2022-0115 page https://www.suse.com/security/cve/CVE-2022-0116/ SUSE CVE CVE-2022-0116 page https://www.suse.com/security/cve/CVE-2022-0117/ SUSE CVE CVE-2022-0117 page https://www.suse.com/security/cve/CVE-2022-0118/ SUSE CVE CVE-2022-0118 page https://www.suse.com/security/cve/CVE-2022-0120/ SUSE CVE CVE-2022-0120 page openSUSE Tumbleweed chromedriver-97.0.4692.71-1.1 chromium-97.0.4692.71-1.1 chromedriver-97.0.4692.71-1.1 as a component of openSUSE Tumbleweed chromium-97.0.4692.71-1.1 as a component of openSUSE Tumbleweed Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0096 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0096.html CVE-2022-0096 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. CVE-2022-0097 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0097.html CVE-2022-0097 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. CVE-2022-0098 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0098.html CVE-2022-0098 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. CVE-2022-0099 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0099.html CVE-2022-0099 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0100 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0100.html CVE-2022-0100 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture. CVE-2022-0101 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0101.html CVE-2022-0101 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0102 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0102.html CVE-2022-0102 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0103 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0103.html CVE-2022-0103 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0104 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0104.html CVE-2022-0104 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0105 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0105.html CVE-2022-0105 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0106 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0106.html CVE-2022-0106 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0107 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0107.html CVE-2022-0107 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-0108 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0108.html CVE-2022-0108 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1210731 SUSE Bug 1210731 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. CVE-2022-0109 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0109.html CVE-2022-0109 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0110 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0110.html CVE-2022-0110 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. CVE-2022-0111 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0111.html CVE-2022-0111 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. CVE-2022-0112 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0112.html CVE-2022-0112 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-0113 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0113.html CVE-2022-0113 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. CVE-2022-0114 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0114.html CVE-2022-0114 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2022-0115 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0115.html CVE-2022-0115 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0116 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0116.html CVE-2022-0116 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-0117 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0117.html CVE-2022-0117 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0118 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0118.html CVE-2022-0118 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802 Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. CVE-2022-0120 openSUSE Tumbleweed:chromedriver-97.0.4692.71-1.1 openSUSE Tumbleweed:chromium-97.0.4692.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0120.html CVE-2022-0120 https://bugzilla.suse.com/1194331 SUSE Bug 1194331 https://bugzilla.suse.com/1213802 SUSE Bug 1213802