Overview

File _patchinfo of Package patchinfo.17650

<patchinfo incident="17650">
  <issue tracker="bnc" id="1202403">Tiny Chromium icon</issue>
  <issue tracker="bnc" id="1202964">VUL-0: chromium: multiple security issues fixed in 105.0.5195.52</issue>
  <issue tracker="bnc" id="1203102">VUL-0: chromium: multiple security issues fixed in 105.0.5195.102</issue>
  <issue tracker="cve" id="2022-3050"/>
  <issue tracker="cve" id="2022-3051"/>
  <issue tracker="cve" id="2022-3049"/>
  <issue tracker="cve" id="2022-3056"/>
  <issue tracker="cve" id="2022-3057"/>
  <issue tracker="cve" id="2022-3054"/>
  <issue tracker="cve" id="2022-3040"/>
  <issue tracker="cve" id="2022-3055"/>
  <issue tracker="cve" id="2022-3046"/>
  <issue tracker="cve" id="2022-3071"/>
  <issue tracker="cve" id="2022-3052"/>
  <issue tracker="cve" id="2022-3039"/>
  <issue tracker="cve" id="2022-3058"/>
  <issue tracker="cve" id="2022-3038"/>
  <issue tracker="cve" id="2022-3053"/>
  <issue tracker="cve" id="2022-3041"/>
  <issue tracker="cve" id="2022-3048"/>
  <issue tracker="cve" id="2022-3045"/>
  <issue tracker="cve" id="2022-3042"/>
  <issue tracker="cve" id="2022-3043"/>
  <issue tracker="cve" id="2022-3075"/>
  <issue tracker="cve" id="2022-3047"/>
  <issue tracker="cve" id="2022-3044"/>
  <packager>gmbr3</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for chromium</summary>
  <description>This update for chromium fixes the following issues:

Chromium 105.0.5195.102 (boo#1203102):

* CVE-2022-3075: Insufficient data validation in Mojo

Chromium 105.0.5195.52 (boo#1202964):

* CVE-2022-3038: Use after free in Network Service
* CVE-2022-3039: Use after free in WebSQL
* CVE-2022-3040: Use after free in Layout
* CVE-2022-3041: Use after free in WebSQL
* CVE-2022-3042: Use after free in PhoneHub
* CVE-2022-3043: Heap buffer overflow in Screen Capture
* CVE-2022-3044: Inappropriate implementation in Site Isolation
* CVE-2022-3045: Insufficient validation of untrusted input in V8
* CVE-2022-3046: Use after free in Browser Tag
* CVE-2022-3071: Use after free in Tab Strip
* CVE-2022-3047: Insufficient policy enforcement in Extensions API
* CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
* CVE-2022-3049: Use after free in SplitScreen
* CVE-2022-3050: Heap buffer overflow in WebUI
* CVE-2022-3051: Heap buffer overflow in Exosphere
* CVE-2022-3052: Heap buffer overflow in Window Manager
* CVE-2022-3053: Inappropriate implementation in Pointer Lock
* CVE-2022-3054: Insufficient policy enforcement in DevTools
* CVE-2022-3055: Use after free in Passwords
* CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
* CVE-2022-3057: Inappropriate implementation in iframe Sandbox
* CVE-2022-3058: Use after free in Sign-In Flow

- Update chromium-symbolic.svg: this fixes boo#1202403.
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places