chromedriver-105.0.5195.102-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12319-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-105.0.5195.102-1.1 on GA media These are all security issues fixed in the chromedriver-105.0.5195.102-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12319 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-3038/ SUSE CVE CVE-2022-3038 page https://www.suse.com/security/cve/CVE-2022-3039/ SUSE CVE CVE-2022-3039 page https://www.suse.com/security/cve/CVE-2022-3040/ SUSE CVE CVE-2022-3040 page https://www.suse.com/security/cve/CVE-2022-3041/ SUSE CVE CVE-2022-3041 page https://www.suse.com/security/cve/CVE-2022-3042/ SUSE CVE CVE-2022-3042 page https://www.suse.com/security/cve/CVE-2022-3043/ SUSE CVE CVE-2022-3043 page https://www.suse.com/security/cve/CVE-2022-3044/ SUSE CVE CVE-2022-3044 page https://www.suse.com/security/cve/CVE-2022-3045/ SUSE CVE CVE-2022-3045 page https://www.suse.com/security/cve/CVE-2022-3046/ SUSE CVE CVE-2022-3046 page https://www.suse.com/security/cve/CVE-2022-3047/ SUSE CVE CVE-2022-3047 page https://www.suse.com/security/cve/CVE-2022-3048/ SUSE CVE CVE-2022-3048 page https://www.suse.com/security/cve/CVE-2022-3049/ SUSE CVE CVE-2022-3049 page https://www.suse.com/security/cve/CVE-2022-3050/ SUSE CVE CVE-2022-3050 page https://www.suse.com/security/cve/CVE-2022-3051/ SUSE CVE CVE-2022-3051 page https://www.suse.com/security/cve/CVE-2022-3052/ SUSE CVE CVE-2022-3052 page https://www.suse.com/security/cve/CVE-2022-3053/ SUSE CVE CVE-2022-3053 page https://www.suse.com/security/cve/CVE-2022-3054/ SUSE CVE CVE-2022-3054 page https://www.suse.com/security/cve/CVE-2022-3055/ SUSE CVE CVE-2022-3055 page https://www.suse.com/security/cve/CVE-2022-3056/ SUSE CVE CVE-2022-3056 page https://www.suse.com/security/cve/CVE-2022-3057/ SUSE CVE CVE-2022-3057 page https://www.suse.com/security/cve/CVE-2022-3058/ SUSE CVE CVE-2022-3058 page https://www.suse.com/security/cve/CVE-2022-3071/ SUSE CVE CVE-2022-3071 page https://www.suse.com/security/cve/CVE-2022-3075/ SUSE CVE CVE-2022-3075 page openSUSE Tumbleweed chromedriver-105.0.5195.102-1.1 chromium-105.0.5195.102-1.1 chromedriver-105.0.5195.102-1.1 as a component of openSUSE Tumbleweed chromium-105.0.5195.102-1.1 as a component of openSUSE Tumbleweed Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3038 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3038.html CVE-2022-3038 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3039 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3039.html CVE-2022-3039 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in Layout in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3040 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3040.html CVE-2022-3040 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3041 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3041.html CVE-2022-3041 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3042 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3042.html CVE-2022-3042 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3043 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3043.html CVE-2022-3043 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Inappropriate implementation in Site Isolation in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2022-3044 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3044.html CVE-2022-3044 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Insufficient validation of untrusted input in V8 in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3045 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3045.html CVE-2022-3045 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3046 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3046.html CVE-2022-3046 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. CVE-2022-3047 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3047.html CVE-2022-3047 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. CVE-2022-3048 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3048.html CVE-2022-3048 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3049 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3049.html CVE-2022-3049 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. CVE-2022-3050 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3050.html CVE-2022-3050 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. CVE-2022-3051 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3051.html CVE-2022-3051 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. CVE-2022-3052 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3052.html CVE-2022-3052 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. CVE-2022-3053 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3053.html CVE-2022-3053 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3054 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3054.html CVE-2022-3054 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. CVE-2022-3055 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3055.html CVE-2022-3055 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2022-3056 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3056.html CVE-2022-3056 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Inappropriate implementation in iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-3057 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3057.html CVE-2022-3057 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. CVE-2022-3058 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3058.html CVE-2022-3058 https://bugzilla.suse.com/1202964 SUSE Bug 1202964 Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction. CVE-2022-3071 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3071.html CVE-2022-3071 Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-3075 openSUSE Tumbleweed:chromedriver-105.0.5195.102-1.1 openSUSE Tumbleweed:chromium-105.0.5195.102-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-3075.html CVE-2022-3075 https://bugzilla.suse.com/1203102 SUSE Bug 1203102