openSUSE 15 Security Update : chromium (openSUSE-SU-2022:10009-1)

critical Nessus Plugin ID 162322

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10009-1 advisory.

- Use after free in Indexed DB. (CVE-2022-1853)

- Use after free in ANGLE. (CVE-2022-1854, CVE-2022-2011)

- Use after free in Messaging. (CVE-2022-1855)

- Use after free in User Education. (CVE-2022-1856)

- Insufficient policy enforcement in File System API. (CVE-2022-1857, CVE-2022-1871)

- Out of bounds read in DevTools. (CVE-2022-1858)

- Use after free in Performance Manager. (CVE-2022-1859)

- Use after free in UI Foundations. (CVE-2022-1860)

- Use after free in Sharing. (CVE-2022-1861)

- Inappropriate implementation in Extensions. (CVE-2022-1862)

- Use after free in Tab Groups. (CVE-2022-1863)

- Use after free in WebApp Installs. (CVE-2022-1864)

- Use after free in Bookmarks. (CVE-2022-1865)

- Use after free in Tablet Mode. (CVE-2022-1866)

- Insufficient validation of untrusted input in Data Transfer. (CVE-2022-1867)

- Inappropriate implementation in Extensions API. (CVE-2022-1868)

- Type Confusion in V8. (CVE-2022-1869)

- Use after free in App Service. (CVE-2022-1870)

- Insufficient policy enforcement in Extensions API. (CVE-2022-1872)

- Insufficient policy enforcement in COOP. (CVE-2022-1873)

- Insufficient policy enforcement in Safe Browsing. (CVE-2022-1874)

- Inappropriate implementation in PDF. (CVE-2022-1875)

- Heap buffer overflow in DevTools. (CVE-2022-1876)

- Use after free in WebGPU. (CVE-2022-2007)

- Out of bounds memory access in WebGL. (CVE-2022-2008)

- Out of bounds read in compositing. (CVE-2022-2010)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected chromedriver and/or chromium packages.

See Also

https://bugzilla.suse.com/1199893

https://bugzilla.suse.com/1200139

https://bugzilla.suse.com/1200423

http://www.nessus.org/u?ea5b2420

https://www.suse.com/security/cve/CVE-2022-1853

https://www.suse.com/security/cve/CVE-2022-1854

https://www.suse.com/security/cve/CVE-2022-1855

https://www.suse.com/security/cve/CVE-2022-1856

https://www.suse.com/security/cve/CVE-2022-1857

https://www.suse.com/security/cve/CVE-2022-1858

https://www.suse.com/security/cve/CVE-2022-1859

https://www.suse.com/security/cve/CVE-2022-1860

https://www.suse.com/security/cve/CVE-2022-1861

https://www.suse.com/security/cve/CVE-2022-1862

https://www.suse.com/security/cve/CVE-2022-1863

https://www.suse.com/security/cve/CVE-2022-1864

https://www.suse.com/security/cve/CVE-2022-1865

https://www.suse.com/security/cve/CVE-2022-1866

https://www.suse.com/security/cve/CVE-2022-1867

https://www.suse.com/security/cve/CVE-2022-1868

https://www.suse.com/security/cve/CVE-2022-1869

https://www.suse.com/security/cve/CVE-2022-1870

https://www.suse.com/security/cve/CVE-2022-1871

https://www.suse.com/security/cve/CVE-2022-1872

https://www.suse.com/security/cve/CVE-2022-1873

https://www.suse.com/security/cve/CVE-2022-1874

https://www.suse.com/security/cve/CVE-2022-1875

https://www.suse.com/security/cve/CVE-2022-1876

https://www.suse.com/security/cve/CVE-2022-2007

https://www.suse.com/security/cve/CVE-2022-2008

https://www.suse.com/security/cve/CVE-2022-2010

https://www.suse.com/security/cve/CVE-2022-2011

Plugin Details

Severity: Critical

ID: 162322

File Name: openSUSE-2022-10009-1.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/16/2022

Updated: 3/23/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-2011

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-1853

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:chromedriver, p-cpe:/a:novell:opensuse:chromium, cpe:/o:novell:opensuse:15.3

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/15/2022

Vulnerability Publication Date: 5/24/2022

Reference Information

CVE: CVE-2022-1853, CVE-2022-1854, CVE-2022-1855, CVE-2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860, CVE-2022-1861, CVE-2022-1862, CVE-2022-1863, CVE-2022-1864, CVE-2022-1865, CVE-2022-1866, CVE-2022-1867, CVE-2022-1868, CVE-2022-1869, CVE-2022-1870, CVE-2022-1871, CVE-2022-1872, CVE-2022-1873, CVE-2022-1874, CVE-2022-1875, CVE-2022-1876, CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011

IAVA: 2022-A-0231-S