chromedriver-104.0.5112.101-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12277-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-104.0.5112.101-1.1 on GA media These are all security issues fixed in the chromedriver-104.0.5112.101-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12277 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2852/ SUSE CVE CVE-2022-2852 page https://www.suse.com/security/cve/CVE-2022-2853/ SUSE CVE CVE-2022-2853 page https://www.suse.com/security/cve/CVE-2022-2854/ SUSE CVE CVE-2022-2854 page https://www.suse.com/security/cve/CVE-2022-2855/ SUSE CVE CVE-2022-2855 page https://www.suse.com/security/cve/CVE-2022-2856/ SUSE CVE CVE-2022-2856 page https://www.suse.com/security/cve/CVE-2022-2857/ SUSE CVE CVE-2022-2857 page https://www.suse.com/security/cve/CVE-2022-2858/ SUSE CVE CVE-2022-2858 page https://www.suse.com/security/cve/CVE-2022-2859/ SUSE CVE CVE-2022-2859 page https://www.suse.com/security/cve/CVE-2022-2860/ SUSE CVE CVE-2022-2860 page https://www.suse.com/security/cve/CVE-2022-2861/ SUSE CVE CVE-2022-2861 page openSUSE Tumbleweed chromedriver-104.0.5112.101-1.1 chromium-104.0.5112.101-1.1 chromedriver-104.0.5112.101-1.1 as a component of openSUSE Tumbleweed chromium-104.0.5112.101-1.1 as a component of openSUSE Tumbleweed Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2852 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2852.html CVE-2022-2852 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Heap buffer overflow in Downloads in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2853 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2853.html CVE-2022-2853 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2854 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2854.html CVE-2022-2854 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2855 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2855.html CVE-2022-2855 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. CVE-2022-2856 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2856.html CVE-2022-2856 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Use after free in Blink in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2857 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2857.html CVE-2022-2857 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. CVE-2022-2858 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2858.html CVE-2022-2858 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2859 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2859.html CVE-2022-2859 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. CVE-2022-2860 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2860.html CVE-2022-2860 https://bugzilla.suse.com/1202509 SUSE Bug 1202509 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page. CVE-2022-2861 openSUSE Tumbleweed:chromedriver-104.0.5112.101-1.1 openSUSE Tumbleweed:chromium-104.0.5112.101-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2861.html CVE-2022-2861 https://bugzilla.suse.com/1202509 SUSE Bug 1202509