chromedriver-104.0.5112.79-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12251-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-104.0.5112.79-1.1 on GA media These are all security issues fixed in the chromedriver-104.0.5112.79-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12251 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2603/ SUSE CVE CVE-2022-2603 page https://www.suse.com/security/cve/CVE-2022-2604/ SUSE CVE CVE-2022-2604 page https://www.suse.com/security/cve/CVE-2022-2605/ SUSE CVE CVE-2022-2605 page https://www.suse.com/security/cve/CVE-2022-2606/ SUSE CVE CVE-2022-2606 page https://www.suse.com/security/cve/CVE-2022-2607/ SUSE CVE CVE-2022-2607 page https://www.suse.com/security/cve/CVE-2022-2608/ SUSE CVE CVE-2022-2608 page https://www.suse.com/security/cve/CVE-2022-2609/ SUSE CVE CVE-2022-2609 page https://www.suse.com/security/cve/CVE-2022-2610/ SUSE CVE CVE-2022-2610 page https://www.suse.com/security/cve/CVE-2022-2611/ SUSE CVE CVE-2022-2611 page https://www.suse.com/security/cve/CVE-2022-2612/ SUSE CVE CVE-2022-2612 page https://www.suse.com/security/cve/CVE-2022-2613/ SUSE CVE CVE-2022-2613 page https://www.suse.com/security/cve/CVE-2022-2614/ SUSE CVE CVE-2022-2614 page https://www.suse.com/security/cve/CVE-2022-2615/ SUSE CVE CVE-2022-2615 page https://www.suse.com/security/cve/CVE-2022-2616/ SUSE CVE CVE-2022-2616 page https://www.suse.com/security/cve/CVE-2022-2617/ SUSE CVE CVE-2022-2617 page https://www.suse.com/security/cve/CVE-2022-2618/ SUSE CVE CVE-2022-2618 page https://www.suse.com/security/cve/CVE-2022-2619/ SUSE CVE CVE-2022-2619 page https://www.suse.com/security/cve/CVE-2022-2620/ SUSE CVE CVE-2022-2620 page https://www.suse.com/security/cve/CVE-2022-2621/ SUSE CVE CVE-2022-2621 page https://www.suse.com/security/cve/CVE-2022-2622/ SUSE CVE CVE-2022-2622 page https://www.suse.com/security/cve/CVE-2022-2623/ SUSE CVE CVE-2022-2623 page https://www.suse.com/security/cve/CVE-2022-2624/ SUSE CVE CVE-2022-2624 page openSUSE Tumbleweed chromedriver-104.0.5112.79-1.1 chromium-104.0.5112.79-1.1 chromedriver-104.0.5112.79-1.1 as a component of openSUSE Tumbleweed chromium-104.0.5112.79-1.1 as a component of openSUSE Tumbleweed Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2603 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2603.html CVE-2022-2603 Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2604 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2604.html CVE-2022-2604 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2605 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2605.html CVE-2022-2605 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2606 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2606.html CVE-2022-2606 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2607 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2607.html CVE-2022-2607 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2608 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2608.html CVE-2022-2608 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2609 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2609.html CVE-2022-2609 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-2610 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2610.html CVE-2022-2610 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-2611 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2611.html CVE-2022-2611 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2022-2612 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2612.html CVE-2022-2612 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2613 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2613.html CVE-2022-2613 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2614 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2614.html CVE-2022-2614 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-2615 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2615.html CVE-2022-2615 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. CVE-2022-2616 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2616.html CVE-2022-2616 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. CVE-2022-2617 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2617.html CVE-2022-2617 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . CVE-2022-2618 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2618.html CVE-2022-2618 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2022-2619 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2619.html CVE-2022-2619 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2620 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2620.html CVE-2022-2620 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. CVE-2022-2621 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2621.html CVE-2022-2621 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. CVE-2022-2622 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2622.html CVE-2022-2622 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2623 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2623.html CVE-2022-2623 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. CVE-2022-2624 openSUSE Tumbleweed:chromedriver-104.0.5112.79-1.1 openSUSE Tumbleweed:chromium-104.0.5112.79-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2624.html CVE-2022-2624 https://bugzilla.suse.com/1202075 SUSE Bug 1202075