{"affected":[{"ecosystem_specific":{"binaries":[{"chromedriver":"105.0.5195.102-bp153.2.119.1","chromium":"105.0.5195.102-bp153.2.119.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"chromium","purl":"pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"105.0.5195.102-bp153.2.119.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"chromedriver":"105.0.5195.102-bp153.2.119.1","chromium":"105.0.5195.102-bp153.2.119.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"chromium","purl":"pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"105.0.5195.102-bp153.2.119.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for chromium fixes the following issues:\n\nChromium 105.0.5195.102 (boo#1203102):\n\n* CVE-2022-3075: Insufficient data validation in Mojo\n\nChromium 105.0.5195.52 (boo#1202964):\n\n* CVE-2022-3038: Use after free in Network Service\n* CVE-2022-3039: Use after free in WebSQL\n* CVE-2022-3040: Use after free in Layout\n* CVE-2022-3041: Use after free in WebSQL\n* CVE-2022-3042: Use after free in PhoneHub\n* CVE-2022-3043: Heap buffer overflow in Screen Capture\n* CVE-2022-3044: Inappropriate implementation in Site Isolation\n* CVE-2022-3045: Insufficient validation of untrusted input in V8\n* CVE-2022-3046: Use after free in Browser Tag\n* CVE-2022-3071: Use after free in Tab Strip\n* CVE-2022-3047: Insufficient policy enforcement in Extensions API\n* CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen\n* CVE-2022-3049: Use after free in SplitScreen\n* CVE-2022-3050: Heap buffer overflow in WebUI\n* CVE-2022-3051: Heap buffer overflow in Exosphere\n* CVE-2022-3052: Heap buffer overflow in Window Manager\n* CVE-2022-3053: Inappropriate implementation in Pointer Lock\n* CVE-2022-3054: Insufficient policy enforcement in DevTools\n* CVE-2022-3055: Use after free in Passwords\n* CVE-2022-3056: Insufficient policy enforcement in Content Security Policy\n* CVE-2022-3057: Inappropriate implementation in iframe Sandbox\n* CVE-2022-3058: Use after free in Sign-In Flow\n\n- Update chromium-symbolic.svg: this fixes boo#1202403.\n- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH\n","id":"openSUSE-SU-2022:10120-1","modified":"2022-09-12T14:22:32Z","published":"2022-09-12T14:22:32Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2EVLCBABO7RGGUVQCAZPA7MNGKWHWCJN/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202403"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202964"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203102"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3038"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3039"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3040"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3041"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3042"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3043"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3044"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3045"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3046"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3047"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3048"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3049"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3050"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3051"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3052"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3053"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3054"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3055"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3056"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3057"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3058"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3071"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-3075"}],"related":["CVE-2022-3038","CVE-2022-3039","CVE-2022-3040","CVE-2022-3041","CVE-2022-3042","CVE-2022-3043","CVE-2022-3044","CVE-2022-3045","CVE-2022-3046","CVE-2022-3047","CVE-2022-3048","CVE-2022-3049","CVE-2022-3050","CVE-2022-3051","CVE-2022-3052","CVE-2022-3053","CVE-2022-3054","CVE-2022-3055","CVE-2022-3056","CVE-2022-3057","CVE-2022-3058","CVE-2022-3071","CVE-2022-3075"],"summary":"Security update for chromium","upstream":["CVE-2022-3038","CVE-2022-3039","CVE-2022-3040","CVE-2022-3041","CVE-2022-3042","CVE-2022-3043","CVE-2022-3044","CVE-2022-3045","CVE-2022-3046","CVE-2022-3047","CVE-2022-3048","CVE-2022-3049","CVE-2022-3050","CVE-2022-3051","CVE-2022-3052","CVE-2022-3053","CVE-2022-3054","CVE-2022-3055","CVE-2022-3056","CVE-2022-3057","CVE-2022-3058","CVE-2022-3071","CVE-2022-3075"]}