chromedriver-99.0.4844.51-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11890 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-99.0.4844.51-1.1 on GA media These are all security issues fixed in the chromedriver-99.0.4844.51-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11890 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11890 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0789/ SUSE CVE CVE-2022-0789 page https://www.suse.com/security/cve/CVE-2022-0790/ SUSE CVE CVE-2022-0790 page https://www.suse.com/security/cve/CVE-2022-0791/ SUSE CVE CVE-2022-0791 page https://www.suse.com/security/cve/CVE-2022-0792/ SUSE CVE CVE-2022-0792 page https://www.suse.com/security/cve/CVE-2022-0793/ SUSE CVE CVE-2022-0793 page https://www.suse.com/security/cve/CVE-2022-0794/ SUSE CVE CVE-2022-0794 page https://www.suse.com/security/cve/CVE-2022-0795/ SUSE CVE CVE-2022-0795 page https://www.suse.com/security/cve/CVE-2022-0796/ SUSE CVE CVE-2022-0796 page https://www.suse.com/security/cve/CVE-2022-0797/ SUSE CVE CVE-2022-0797 page https://www.suse.com/security/cve/CVE-2022-0798/ SUSE CVE CVE-2022-0798 page https://www.suse.com/security/cve/CVE-2022-0799/ SUSE CVE CVE-2022-0799 page https://www.suse.com/security/cve/CVE-2022-0800/ SUSE CVE CVE-2022-0800 page https://www.suse.com/security/cve/CVE-2022-0801/ SUSE CVE CVE-2022-0801 page https://www.suse.com/security/cve/CVE-2022-0802/ SUSE CVE CVE-2022-0802 page https://www.suse.com/security/cve/CVE-2022-0803/ SUSE CVE CVE-2022-0803 page https://www.suse.com/security/cve/CVE-2022-0804/ SUSE CVE CVE-2022-0804 page https://www.suse.com/security/cve/CVE-2022-0805/ SUSE CVE CVE-2022-0805 page https://www.suse.com/security/cve/CVE-2022-0806/ SUSE CVE CVE-2022-0806 page https://www.suse.com/security/cve/CVE-2022-0807/ SUSE CVE CVE-2022-0807 page https://www.suse.com/security/cve/CVE-2022-0808/ SUSE CVE CVE-2022-0808 page https://www.suse.com/security/cve/CVE-2022-0809/ SUSE CVE CVE-2022-0809 page openSUSE Tumbleweed chromedriver-99.0.4844.51-1.1 chromium-99.0.4844.51-1.1 chromedriver-99.0.4844.51-1.1 as a component of openSUSE Tumbleweed chromium-99.0.4844.51-1.1 as a component of openSUSE Tumbleweed Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0789 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0789.html CVE-2022-0789 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-0790 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0790.html CVE-2022-0790 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. CVE-2022-0791 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0791.html CVE-2022-0791 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0792 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0792.html CVE-2022-0792 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2022-0793 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0793.html CVE-2022-0793 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0794 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0794.html CVE-2022-0794 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0795 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0795.html CVE-2022-0795 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0796 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0796.html CVE-2022-0796 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2022-0797 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0797.html CVE-2022-0797 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2022-0798 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0798.html CVE-2022-0798 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Insufficient policy enforcement in Installer in Google Chrome on Windows prior to 99.0.4844.51 allowed a remote attacker to perform local privilege escalation via a crafted offline installer file. CVE-2022-0799 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0799.html CVE-2022-0799 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0800 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0800.html CVE-2022-0800 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Inappropriate implementation in HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS preventions via a crafted HTML page. (Chrome security severity: Medium) CVE-2022-0801 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0801.html CVE-2022-0801 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0802 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0802.html CVE-2022-0802 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0803 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0803.html CVE-2022-0803 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-0804 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0804.html CVE-2022-0804 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. CVE-2022-0805 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0805.html CVE-2022-0805 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in screen sharing to potentially leak cross-origin data via a crafted HTML page. CVE-2022-0806 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0806.html CVE-2022-0806 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2022-0807 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0807.html CVE-2022-0807 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in a series of user interaction to potentially exploit heap corruption via user interactions. CVE-2022-0808 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0808.html CVE-2022-0808 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Out of bounds memory access in WebXR in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0809 openSUSE Tumbleweed:chromedriver-99.0.4844.51-1.1 openSUSE Tumbleweed:chromium-99.0.4844.51-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0809.html CVE-2022-0809 https://bugzilla.suse.com/1196641 SUSE Bug 1196641