chromedriver-103.0.5060.134-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12198 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-103.0.5060.134-1.1 on GA media These are all security issues fixed in the chromedriver-103.0.5060.134-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12198 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12198 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2477/ SUSE CVE CVE-2022-2477 page https://www.suse.com/security/cve/CVE-2022-2478/ SUSE CVE CVE-2022-2478 page https://www.suse.com/security/cve/CVE-2022-2479/ SUSE CVE CVE-2022-2479 page https://www.suse.com/security/cve/CVE-2022-2480/ SUSE CVE CVE-2022-2480 page https://www.suse.com/security/cve/CVE-2022-2481/ SUSE CVE CVE-2022-2481 page openSUSE Tumbleweed chromedriver-103.0.5060.134-1.1 chromium-103.0.5060.134-1.1 chromedriver-103.0.5060.134-1.1 as a component of openSUSE Tumbleweed chromium-103.0.5060.134-1.1 as a component of openSUSE Tumbleweed Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2477 openSUSE Tumbleweed:chromedriver-103.0.5060.134-1.1 openSUSE Tumbleweed:chromium-103.0.5060.134-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2477.html CVE-2022-2477 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2478 openSUSE Tumbleweed:chromedriver-103.0.5060.134-1.1 openSUSE Tumbleweed:chromium-103.0.5060.134-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2478.html CVE-2022-2478 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. CVE-2022-2479 openSUSE Tumbleweed:chromedriver-103.0.5060.134-1.1 openSUSE Tumbleweed:chromium-103.0.5060.134-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2479.html CVE-2022-2479 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2480 openSUSE Tumbleweed:chromedriver-103.0.5060.134-1.1 openSUSE Tumbleweed:chromium-103.0.5060.134-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2480.html CVE-2022-2480 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. CVE-2022-2481 openSUSE Tumbleweed:chromedriver-103.0.5060.134-1.1 openSUSE Tumbleweed:chromium-103.0.5060.134-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2481.html CVE-2022-2481 https://bugzilla.suse.com/1201679 SUSE Bug 1201679