Security update for chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10086-1 Final 1 1 2022-08-12T15:02:47Z current 2022-08-12T15:02:47Z 2022-08-12T15:02:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for chromium This update for chromium fixes the following issues: Chromium 104.0.5112.79 (boo#1202075) * CVE-2022-2603: Use after free in Omnibox * CVE-2022-2604: Use after free in Safe Browsing * CVE-2022-2605: Out of bounds read in Dawn * CVE-2022-2606: Use after free in Managed devices API * CVE-2022-2607: Use after free in Tab Strip * CVE-2022-2608: Use after free in Overview Mode * CVE-2022-2609: Use after free in Nearby Share * CVE-2022-2610: Insufficient policy enforcement in Background Fetch * CVE-2022-2611: Inappropriate implementation in Fullscreen API * CVE-2022-2612: Side-channel information leakage in Keyboard input * CVE-2022-2613: Use after free in Input * CVE-2022-2614: Use after free in Sign-In Flow * CVE-2022-2615: Insufficient policy enforcement in Cookies * CVE-2022-2616: Inappropriate implementation in Extensions API * CVE-2022-2617: Use after free in Extensions API * CVE-2022-2618: Insufficient validation of untrusted input in Internals * CVE-2022-2619: Insufficient validation of untrusted input in Settings * CVE-2022-2620: Use after free in WebUI * CVE-2022-2621: Use after free in Extensions * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-2623: Use after free in Offline * CVE-2022-2624: Heap buffer overflow in PDF - Switch back to Clang so that we can use BTI on aarch64 * Gold is too old - doesn't understand BTI * LD crashes on aarch64 - Re-enable LTO - Prepare move to FFmpeg 5 for new channel layout (requires 5.1+) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10086 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ E-Mail link for openSUSE-SU-2022:10086-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1202075 SUSE Bug 1202075 https://www.suse.com/security/cve/CVE-2022-2603/ SUSE CVE CVE-2022-2603 page https://www.suse.com/security/cve/CVE-2022-2604/ SUSE CVE CVE-2022-2604 page https://www.suse.com/security/cve/CVE-2022-2605/ SUSE CVE CVE-2022-2605 page https://www.suse.com/security/cve/CVE-2022-2606/ SUSE CVE CVE-2022-2606 page https://www.suse.com/security/cve/CVE-2022-2607/ SUSE CVE CVE-2022-2607 page https://www.suse.com/security/cve/CVE-2022-2608/ SUSE CVE CVE-2022-2608 page https://www.suse.com/security/cve/CVE-2022-2609/ SUSE CVE CVE-2022-2609 page https://www.suse.com/security/cve/CVE-2022-2610/ SUSE CVE CVE-2022-2610 page https://www.suse.com/security/cve/CVE-2022-2611/ SUSE CVE CVE-2022-2611 page https://www.suse.com/security/cve/CVE-2022-2612/ SUSE CVE CVE-2022-2612 page https://www.suse.com/security/cve/CVE-2022-2613/ SUSE CVE CVE-2022-2613 page https://www.suse.com/security/cve/CVE-2022-2614/ SUSE CVE CVE-2022-2614 page https://www.suse.com/security/cve/CVE-2022-2615/ SUSE CVE CVE-2022-2615 page https://www.suse.com/security/cve/CVE-2022-2616/ SUSE CVE CVE-2022-2616 page https://www.suse.com/security/cve/CVE-2022-2617/ SUSE CVE CVE-2022-2617 page https://www.suse.com/security/cve/CVE-2022-2618/ SUSE CVE CVE-2022-2618 page https://www.suse.com/security/cve/CVE-2022-2619/ SUSE CVE CVE-2022-2619 page https://www.suse.com/security/cve/CVE-2022-2620/ SUSE CVE CVE-2022-2620 page https://www.suse.com/security/cve/CVE-2022-2621/ SUSE CVE CVE-2022-2621 page https://www.suse.com/security/cve/CVE-2022-2622/ SUSE CVE CVE-2022-2622 page https://www.suse.com/security/cve/CVE-2022-2623/ SUSE CVE CVE-2022-2623 page https://www.suse.com/security/cve/CVE-2022-2624/ SUSE CVE CVE-2022-2624 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 chromedriver-104.0.5112.79-bp154.2.20.1 chromium-104.0.5112.79-bp154.2.20.1 chromedriver-104.0.5112.79-bp154.2.20.1 as a component of SUSE Package Hub 15 SP4 chromium-104.0.5112.79-bp154.2.20.1 as a component of SUSE Package Hub 15 SP4 chromedriver-104.0.5112.79-bp154.2.20.1 as a component of openSUSE Leap 15.4 chromium-104.0.5112.79-bp154.2.20.1 as a component of openSUSE Leap 15.4 Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2603 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2603.html CVE-2022-2603 Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2604 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2604.html CVE-2022-2604 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2605 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2605.html CVE-2022-2605 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2606 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2606.html CVE-2022-2606 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2607 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2607.html CVE-2022-2607 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2608 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2608.html CVE-2022-2608 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2609 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2609.html CVE-2022-2609 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-2610 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2610.html CVE-2022-2610 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2022-2611 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2611.html CVE-2022-2611 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2022-2612 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2612.html CVE-2022-2612 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2613 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2613.html CVE-2022-2613 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2614 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2614.html CVE-2022-2614 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-2615 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2615.html CVE-2022-2615 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. CVE-2022-2616 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2616.html CVE-2022-2616 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. CVE-2022-2617 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2617.html CVE-2022-2617 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file . CVE-2022-2618 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2618.html CVE-2022-2618 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2022-2619 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2619.html CVE-2022-2619 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2620 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2620.html CVE-2022-2620 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. CVE-2022-2621 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2621.html CVE-2022-2621 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. CVE-2022-2622 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2622.html CVE-2022-2622 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. CVE-2022-2623 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2623.html CVE-2022-2623 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. CVE-2022-2624 SUSE Package Hub 15 SP4:chromedriver-104.0.5112.79-bp154.2.20.1 SUSE Package Hub 15 SP4:chromium-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromedriver-104.0.5112.79-bp154.2.20.1 openSUSE Leap 15.4:chromium-104.0.5112.79-bp154.2.20.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43GPO54KYGHLDE7YCWHFLKD7CTXUXDWK/ https://www.suse.com/security/cve/CVE-2022-2624.html CVE-2022-2624 https://bugzilla.suse.com/1202075 SUSE Bug 1202075