chromedriver-98.0.4758.80-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11811-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-98.0.4758.80-1.1 on GA media These are all security issues fixed in the chromedriver-98.0.4758.80-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11811 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0452/ SUSE CVE CVE-2022-0452 page https://www.suse.com/security/cve/CVE-2022-0453/ SUSE CVE CVE-2022-0453 page https://www.suse.com/security/cve/CVE-2022-0454/ SUSE CVE CVE-2022-0454 page https://www.suse.com/security/cve/CVE-2022-0455/ SUSE CVE CVE-2022-0455 page https://www.suse.com/security/cve/CVE-2022-0456/ SUSE CVE CVE-2022-0456 page https://www.suse.com/security/cve/CVE-2022-0457/ SUSE CVE CVE-2022-0457 page https://www.suse.com/security/cve/CVE-2022-0459/ SUSE CVE CVE-2022-0459 page https://www.suse.com/security/cve/CVE-2022-0460/ SUSE CVE CVE-2022-0460 page https://www.suse.com/security/cve/CVE-2022-0461/ SUSE CVE CVE-2022-0461 page https://www.suse.com/security/cve/CVE-2022-0462/ SUSE CVE CVE-2022-0462 page https://www.suse.com/security/cve/CVE-2022-0463/ SUSE CVE CVE-2022-0463 page https://www.suse.com/security/cve/CVE-2022-0464/ SUSE CVE CVE-2022-0464 page https://www.suse.com/security/cve/CVE-2022-0465/ SUSE CVE CVE-2022-0465 page https://www.suse.com/security/cve/CVE-2022-0466/ SUSE CVE CVE-2022-0466 page https://www.suse.com/security/cve/CVE-2022-0467/ SUSE CVE CVE-2022-0467 page https://www.suse.com/security/cve/CVE-2022-0468/ SUSE CVE CVE-2022-0468 page https://www.suse.com/security/cve/CVE-2022-0469/ SUSE CVE CVE-2022-0469 page https://www.suse.com/security/cve/CVE-2022-0470/ SUSE CVE CVE-2022-0470 page openSUSE Tumbleweed chromedriver-98.0.4758.80-1.1 chromium-98.0.4758.80-1.1 chromedriver-98.0.4758.80-1.1 as a component of openSUSE Tumbleweed chromium-98.0.4758.80-1.1 as a component of openSUSE Tumbleweed Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-0452 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0452.html CVE-2022-0452 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0453 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0453.html CVE-2022-0453 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0454 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0454.html CVE-2022-0454 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 98.0.4758.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0455 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0455.html CVE-2022-0455 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. CVE-2022-0456 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0456.html CVE-2022-0456 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0457 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0457.html CVE-2022-0457 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0459 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0459.html CVE-2022-0459 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0460 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0460.html CVE-2022-0460 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page. CVE-2022-0461 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0461.html CVE-2022-0461 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-0462 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0462.html CVE-2022-0462 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. CVE-2022-0463 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0463.html CVE-2022-0463 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. CVE-2022-0464 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0464.html CVE-2022-0464 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. CVE-2022-0465 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0465.html CVE-2022-0465 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-0466 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0466.html CVE-2022-0466 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2022-0467 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0467.html CVE-2022-0467 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0468 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0468.html CVE-2022-0468 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0469 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0469.html CVE-2022-0469 https://bugzilla.suse.com/1195420 SUSE Bug 1195420 Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0470 openSUSE Tumbleweed:chromedriver-98.0.4758.80-1.1 openSUSE Tumbleweed:chromium-98.0.4758.80-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0470.html CVE-2022-0470 https://bugzilla.suse.com/1195420 SUSE Bug 1195420