chromedriver-101.0.4951.54-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12046 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-101.0.4951.54-1.1 on GA media These are all security issues fixed in the chromedriver-101.0.4951.54-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12046 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12046 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-1477/ SUSE CVE CVE-2022-1477 page https://www.suse.com/security/cve/CVE-2022-1478/ SUSE CVE CVE-2022-1478 page https://www.suse.com/security/cve/CVE-2022-1479/ SUSE CVE CVE-2022-1479 page https://www.suse.com/security/cve/CVE-2022-1480/ SUSE CVE CVE-2022-1480 page https://www.suse.com/security/cve/CVE-2022-1481/ SUSE CVE CVE-2022-1481 page https://www.suse.com/security/cve/CVE-2022-1482/ SUSE CVE CVE-2022-1482 page https://www.suse.com/security/cve/CVE-2022-1483/ SUSE CVE CVE-2022-1483 page https://www.suse.com/security/cve/CVE-2022-1484/ SUSE CVE CVE-2022-1484 page https://www.suse.com/security/cve/CVE-2022-1485/ SUSE CVE CVE-2022-1485 page https://www.suse.com/security/cve/CVE-2022-1486/ SUSE CVE CVE-2022-1486 page https://www.suse.com/security/cve/CVE-2022-1487/ SUSE CVE CVE-2022-1487 page https://www.suse.com/security/cve/CVE-2022-1488/ SUSE CVE CVE-2022-1488 page https://www.suse.com/security/cve/CVE-2022-1489/ SUSE CVE CVE-2022-1489 page https://www.suse.com/security/cve/CVE-2022-1490/ SUSE CVE CVE-2022-1490 page https://www.suse.com/security/cve/CVE-2022-1491/ SUSE CVE CVE-2022-1491 page https://www.suse.com/security/cve/CVE-2022-1492/ SUSE CVE CVE-2022-1492 page https://www.suse.com/security/cve/CVE-2022-1493/ SUSE CVE CVE-2022-1493 page https://www.suse.com/security/cve/CVE-2022-1494/ SUSE CVE CVE-2022-1494 page https://www.suse.com/security/cve/CVE-2022-1495/ SUSE CVE CVE-2022-1495 page https://www.suse.com/security/cve/CVE-2022-1496/ SUSE CVE CVE-2022-1496 page https://www.suse.com/security/cve/CVE-2022-1497/ SUSE CVE CVE-2022-1497 page https://www.suse.com/security/cve/CVE-2022-1498/ SUSE CVE CVE-2022-1498 page https://www.suse.com/security/cve/CVE-2022-1499/ SUSE CVE CVE-2022-1499 page https://www.suse.com/security/cve/CVE-2022-1500/ SUSE CVE CVE-2022-1500 page https://www.suse.com/security/cve/CVE-2022-1501/ SUSE CVE CVE-2022-1501 page openSUSE Tumbleweed chromedriver-101.0.4951.54-1.1 chromium-101.0.4951.54-1.1 chromedriver-101.0.4951.54-1.1 as a component of openSUSE Tumbleweed chromium-101.0.4951.54-1.1 as a component of openSUSE Tumbleweed Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1477 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1477.html CVE-2022-1477 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1478 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1478.html CVE-2022-1478 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1479 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1479.html CVE-2022-1479 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2022-1480 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1480.html CVE-2022-1480 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1481 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1481.html CVE-2022-1481 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1482 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1482.html CVE-2022-1482 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1483 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1483.html CVE-2022-1483 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1484 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1484.html CVE-2022-1484 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1485 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1485.html CVE-2022-1485 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2022-1486 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1486.html CVE-2022-1486 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test. CVE-2022-1487 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1487.html CVE-2022-1487 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. CVE-2022-1488 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1488.html CVE-2022-1488 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. CVE-2022-1489 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1489.html CVE-2022-1489 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1490 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1490.html CVE-2022-1490 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. CVE-2022-1491 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1491.html CVE-2022-1491 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page. CVE-2022-1492 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1492.html CVE-2022-1492 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. CVE-2022-1493 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1493.html CVE-2022-1493 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page. CVE-2022-1494 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1494.html CVE-2022-1494 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. CVE-2022-1495 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1495.html CVE-2022-1495 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction. CVE-2022-1496 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1496.html CVE-2022-1496 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. CVE-2022-1497 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1497.html CVE-2022-1497 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-1498 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1498.html CVE-2022-1498 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. CVE-2022-1499 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1499.html CVE-2022-1499 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2022-1500 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1500.html CVE-2022-1500 https://bugzilla.suse.com/1198917 SUSE Bug 1198917 Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-1501 openSUSE Tumbleweed:chromedriver-101.0.4951.54-1.1 openSUSE Tumbleweed:chromium-101.0.4951.54-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1501.html CVE-2022-1501 https://bugzilla.suse.com/1198917 SUSE Bug 1198917