{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"97.0.4692.71-bp153.2.54.1","chromium":"97.0.4692.71-bp153.2.54.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"97.0.4692.71-bp153.2.54.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"97.0.4692.71-bp153.2.54.1","chromium":"97.0.4692.71-bp153.2.54.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"97.0.4692.71-bp153.2.54.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nChromium 97.0.4692.71 (boo#1194331):\n\n* CVE-2022-0096: Use after free in Storage\n* CVE-2022-0097: Inappropriate implementation in DevTools\n* CVE-2022-0098: Use after free in Screen Capture\n* CVE-2022-0099: Use after free in Sign-in\n* CVE-2022-0100: Heap buffer overflow in Media streams API\n* CVE-2022-0101: Heap buffer overflow in Bookmarks\n* CVE-2022-0102: Type Confusion in V8\n* CVE-2022-0103: Use after free in SwiftShader\n* CVE-2022-0104: Heap buffer overflow in ANGLE\n* CVE-2022-0105: Use after free in PDF\n* CVE-2022-0106: Use after free in Autofill\n* CVE-2022-0107: Use after free in File Manager API\n* CVE-2022-0108: Inappropriate implementation in Navigation\n* CVE-2022-0109: Inappropriate implementation in Autofill\n* CVE-2022-0110: Incorrect security UI in Autofill\n* CVE-2022-0111: Inappropriate implementation in Navigation\n* CVE-2022-0112: Incorrect security UI in Browser UI\n* CVE-2022-0113: Inappropriate implementation in Blink\n* CVE-2022-0114: Out of bounds memory access in Web Serial\n* CVE-2022-0115: Uninitialized Use in File API\n* CVE-2022-0116: Inappropriate implementation in Compositing\n* CVE-2022-0117: Policy bypass in Service Workers\n* CVE-2022-0118: Inappropriate implementation in WebShare\n* CVE-2022-0120: Inappropriate implementation in Passwords\n\n- Revert wayland fixes because it doesn't handle GPU correctly\n  (boo#1194182)\n\n","id":"openSUSE-SU-2022:0014-1","modified":"2022-01-17T09:35:20Z","published":"2022-01-17T09:35:20Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XW7HD7EA7DNOWMGKDOA6BCE6FBFET4WB/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194055"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194182"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194331"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0096"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0097"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0098"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0099"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0100"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0101"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0103"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0105"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0106"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0107"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0109"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0110"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0111"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0112"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0113"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0114"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0115"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0116"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0117"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0118"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0120"}],"related":["CVE-2022-0096","CVE-2022-0097","CVE-2022-0098","CVE-2022-0099","CVE-2022-0100","CVE-2022-0101","CVE-2022-0102","CVE-2022-0103","CVE-2022-0104","CVE-2022-0105","CVE-2022-0106","CVE-2022-0107","CVE-2022-0108","CVE-2022-0109","CVE-2022-0110","CVE-2022-0111","CVE-2022-0112","CVE-2022-0113","CVE-2022-0114","CVE-2022-0115","CVE-2022-0116","CVE-2022-0117","CVE-2022-0118","CVE-2022-0120"],"summary":"Security update for chromium","upstream":["CVE-2022-0096","CVE-2022-0097","CVE-2022-0098","CVE-2022-0099","CVE-2022-0100","CVE-2022-0101","CVE-2022-0102","CVE-2022-0103","CVE-2022-0104","CVE-2022-0105","CVE-2022-0106","CVE-2022-0107","CVE-2022-0108","CVE-2022-0109","CVE-2022-0110","CVE-2022-0111","CVE-2022-0112","CVE-2022-0113","CVE-2022-0114","CVE-2022-0115","CVE-2022-0116","CVE-2022-0117","CVE-2022-0118","CVE-2022-0120"]}