MGASA-2022-0307

Source
https://advisories.mageia.org/MGASA-2022-0307.html
Import Source
https://advisories.mageia.org/MGASA-2022-0307.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2022-0307
Related
Published
2022-08-25T21:21:07Z
Modified
2022-08-25T20:18:25Z
Summary
Updated chromium-browser-stable packages fix security vulnerability
Details

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Use after free in SwiftShader. High CVE-2022-2855: Use after free in ANGLE. High CVE-2022-2857: Use after free in Blink. High CVE-2022-2858: Use after free in Sign-In Flow. High CVE-2022-2853: Heap buffer overflow in Downloads. High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Medium CVE-2022-2859: Use after free in Chrome OS Shell. Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Various fixes from internal audits, fuzzing and other initiatives

References
Credits

Affected packages

Mageia:8 / chromium-browser-stable

Package

Name
chromium-browser-stable
Purl
pkg:rpm/mageia/chromium-browser-stable?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
104.0.5112.101-1.mga8

Ecosystem specific

{
    "section": "core"
}