chromedriver-108.0.5359.71-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12545 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z chromedriver-108.0.5359.71-1.1 on GA media These are all security issues fixed in the chromedriver-108.0.5359.71-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12545 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12545 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-4174/ SUSE CVE CVE-2022-4174 page https://www.suse.com/security/cve/CVE-2022-4175/ SUSE CVE CVE-2022-4175 page https://www.suse.com/security/cve/CVE-2022-4176/ SUSE CVE CVE-2022-4176 page https://www.suse.com/security/cve/CVE-2022-4177/ SUSE CVE CVE-2022-4177 page https://www.suse.com/security/cve/CVE-2022-4178/ SUSE CVE CVE-2022-4178 page https://www.suse.com/security/cve/CVE-2022-4179/ SUSE CVE CVE-2022-4179 page https://www.suse.com/security/cve/CVE-2022-4180/ SUSE CVE CVE-2022-4180 page https://www.suse.com/security/cve/CVE-2022-4181/ SUSE CVE CVE-2022-4181 page https://www.suse.com/security/cve/CVE-2022-4182/ SUSE CVE CVE-2022-4182 page https://www.suse.com/security/cve/CVE-2022-4183/ SUSE CVE CVE-2022-4183 page https://www.suse.com/security/cve/CVE-2022-4184/ SUSE CVE CVE-2022-4184 page https://www.suse.com/security/cve/CVE-2022-4185/ SUSE CVE CVE-2022-4185 page https://www.suse.com/security/cve/CVE-2022-4186/ SUSE CVE CVE-2022-4186 page https://www.suse.com/security/cve/CVE-2022-4187/ SUSE CVE CVE-2022-4187 page https://www.suse.com/security/cve/CVE-2022-4188/ SUSE CVE CVE-2022-4188 page https://www.suse.com/security/cve/CVE-2022-4189/ SUSE CVE CVE-2022-4189 page https://www.suse.com/security/cve/CVE-2022-4190/ SUSE CVE CVE-2022-4190 page https://www.suse.com/security/cve/CVE-2022-4191/ SUSE CVE CVE-2022-4191 page https://www.suse.com/security/cve/CVE-2022-4192/ SUSE CVE CVE-2022-4192 page https://www.suse.com/security/cve/CVE-2022-4193/ SUSE CVE CVE-2022-4193 page https://www.suse.com/security/cve/CVE-2022-4194/ SUSE CVE CVE-2022-4194 page https://www.suse.com/security/cve/CVE-2022-4195/ SUSE CVE CVE-2022-4195 page openSUSE Tumbleweed chromedriver-108.0.5359.71-1.1 chromium-108.0.5359.71-1.1 chromedriver-108.0.5359.71-1.1 as a component of openSUSE Tumbleweed chromium-108.0.5359.71-1.1 as a component of openSUSE Tumbleweed Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4174 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4174.html CVE-2022-4174 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4175 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4175.html CVE-2022-4175 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) CVE-2022-4176 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4176.html CVE-2022-4176 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) CVE-2022-4177 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4177.html CVE-2022-4177 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4178 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4178.html CVE-2022-4178 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) CVE-2022-4179 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4179.html CVE-2022-4179 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) CVE-2022-4180 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4180.html CVE-2022-4180 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4181 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4181.html CVE-2022-4181 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4182 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4182.html CVE-2022-4182 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4183 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4183.html CVE-2022-4183 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4184 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4184.html CVE-2022-4184 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4185 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4185.html CVE-2022-4185 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4186 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4186.html CVE-2022-4186 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4187 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4187.html CVE-2022-4187 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4188 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4188.html CVE-2022-4188 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) CVE-2022-4189 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4189.html CVE-2022-4189 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4190 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4190.html CVE-2022-4190 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) CVE-2022-4191 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4191.html CVE-2022-4191 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) CVE-2022-4192 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4192.html CVE-2022-4192 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4193 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4193.html CVE-2022-4193 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4194 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4194.html CVE-2022-4194 https://bugzilla.suse.com/1205871 SUSE Bug 1205871 Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) CVE-2022-4195 openSUSE Tumbleweed:chromedriver-108.0.5359.71-1.1 openSUSE Tumbleweed:chromium-108.0.5359.71-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-4195.html CVE-2022-4195 https://bugzilla.suse.com/1205871 SUSE Bug 1205871