openSUSE Security Update: Security update for chromium______________________________________________________________________________Announcement ID: openSUSE-SU-2022:10119-1Rating: importantReferences: #1202403 #1202964 #1203102 Cross-References: CVE-2022-3038 CVE-2022-3039 CVE-2022-3040 CVE-2022-3041 CVE-2022-3042 CVE-2022-3043 CVE-2022-3044 CVE-2022-3045 CVE-2022-3046 CVE-2022-3047 CVE-2022-3048 CVE-2022-3049 CVE-2022-3050 CVE-2022-3051 CVE-2022-3052 CVE-2022-3053 CVE-2022-3054 CVE-2022-3055 CVE-2022-3056 CVE-2022-3057 CVE-2022-3058 CVE-2022-3071 CVE-2022-3075Affected Products: openSUSE Backports SLE-15-SP4______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available.Description: This update for chromium fixes the following issues: Chromium 105.0.5195.102 (boo#1203102): * CVE-2022-3075: Insufficient data validation in Mojo Chromium 105.0.5195.52 (boo#1202964): * CVE-2022-3038: Use after free in Network Service * CVE-2022-3039: Use after free in WebSQL * CVE-2022-3040: Use after free in Layout * CVE-2022-3041: Use after free in WebSQL * CVE-2022-3042: Use after free in PhoneHub * CVE-2022-3043: Heap buffer overflow in Screen Capture * CVE-2022-3044: Inappropriate implementation in Site Isolation * CVE-2022-3045: Insufficient validation of untrusted input in V8 * CVE-2022-3046: Use after free in Browser Tag * CVE-2022-3071: Use after free in Tab Strip * CVE-2022-3047: Insufficient policy enforcement in Extensions API * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen * CVE-2022-3049: Use after free in SplitScreen * CVE-2022-3050: Heap buffer overflow in WebUI * CVE-2022-3051: Heap buffer overflow in Exosphere * CVE-2022-3052: Heap buffer overflow in Window Manager * CVE-2022-3053: Inappropriate implementation in Pointer Lock * CVE-2022-3054: Insufficient policy enforcement in DevTools * CVE-2022-3055: Use after free in Passwords * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy * CVE-2022-3057: Inappropriate implementation in iframe Sandbox * CVE-2022-3058: Use after free in Sign-In Flow - Update chromium-symbolic.svg: this fixes boo#1202403. - Fix quoting in chrome-wrapper, don’t put cwd on LD_LIBRARY_PATHPatch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”. Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2022-10119=1Package List: - openSUSE Backports SLE-15-SP4 (aarch64 x86_64): chromedriver-105.0.5195.102-bp154.2.26.1 chromium-105.0.5195.102-bp154.2.26.1References: https://www.suse.com/security/cve/CVE-2022-3038.html https://www.suse.com/security/cve/CVE-2022-3039.html https://www.suse.com/security/cve/CVE-2022-3040.html https://www.suse.com/security/cve/CVE-2022-3041.html https://www.suse.com/security/cve/CVE-2022-3042.html https://www.suse.com/security/cve/CVE-2022-3043.html https://www.suse.com/security/cve/CVE-2022-3044.html https://www.suse.com/security/cve/CVE-2022-3045.html https://www.suse.com/security/cve/CVE-2022-3046.html https://www.suse.com/security/cve/CVE-2022-3047.html https://www.suse.com/security/cve/CVE-2022-3048.html https://www.suse.com/security/cve/CVE-2022-3049.html https://www.suse.com/security/cve/CVE-2022-3050.html https://www.suse.com/security/cve/CVE-2022-3051.html https://www.suse.com/security/cve/CVE-2022-3052.html https://www.suse.com/security/cve/CVE-2022-3053.html https://www.suse.com/security/cve/CVE-2022-3054.html https://www.suse.com/security/cve/CVE-2022-3055.html https://www.suse.com/security/cve/CVE-2022-3056.html https://www.suse.com/security/cve/CVE-2022-3057.html https://www.suse.com/security/cve/CVE-2022-3058.html https://www.suse.com/security/cve/CVE-2022-3071.html https://www.suse.com/security/cve/CVE-2022-3075.html https://bugzilla.suse.com/1202403 https://bugzilla.suse.com/1202964 https://bugzilla.suse.com/1203102