MGASA-2022-0307

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0307.html

Import Source

https://advisories.mageia.org/MGASA-2022-0307.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0307

Related

Published

2022-08-25T21:21:07Z

Modified

2022-08-25T20:18:25Z

Summary

Updated chromium-browser-stable packages fix security vulnerability

Details

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Use after free in SwiftShader. High CVE-2022-2855: Use after free in ANGLE. High CVE-2022-2857: Use after free in Blink. High CVE-2022-2858: Use after free in Sign-In Flow. High CVE-2022-2853: Heap buffer overflow in Downloads. High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Medium CVE-2022-2859: Use after free in Chrome OS Shell. Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Various fixes from internal audits, fuzzing and other initiatives

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:8 / chromium-browser-stable

Package

Name: chromium-browser-stable
Purl: pkg:rpm/mageia/chromium-browser-stable?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

104.0.5112.101-1.mga8

Ecosystem specific

{
    "section": "core"
}