Fedora 35: chromium 2022-d1a15f9cdb | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-d1a15f9cdb
2022-03-11 14:43:31.710841
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 35
Version     : 99.0.4844.51
Release     : 1.fc35
URL         : https://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update Chromium to 99.0.4844.51. Fixes, well, a LOT of security bugs. Sorry
about that.  CVE-2021-22570 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098
CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103
CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108
CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113
CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118
CVE-2022-0120 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792
CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797
CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802
CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807
CVE-2022-0808 CVE-2022-0809
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  5 2022 Tom Callaway  - 99.0.4844.5-1
- update to 99.0.4844.5
* Fri Feb 25 2022 Tom Callaway  - 98.0.4758.102-1
- update to 98.0.4758.102
- fix build issue with subzero and gcc12
* Tue Feb  8 2022 Tom Callaway  - 98.0.4758.80-1
- update to 98.0.4758.80
* Sat Feb  5 2022 Jiri Vanek  - 96.0.4664.110-9
- Rebuilt for java-17-openjdk as system jdk
* Wed Jan 19 2022 Fedora Release Engineering  - 96.0.4664.110-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan  5 2022 Tom Callaway  - 96.0.4664.110-7
- i hate regex. trying again
* Tue Jan  4 2022 Tom Callaway  - 96.0.4664.110-6
- always filter provides, was previously inside conditional for shared builds
* Mon Jan  3 2022 Tom Callaway  - 96.0.4664.110-5
- fix provides filtering to be more inclusive (and work properly)
* Thu Dec 30 2021 Tom Callaway  - 96.0.4664.110-4
- package up more swiftshader/angle stuff
- move swiftshader files to -common so headless can use them
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2037457 - CVE-2022-0096 chromium-browser: Use after free in Storage
        https://bugzilla.redhat.com/show_bug.cgi?id=2037457
  [ 2 ] Bug #2037458 - CVE-2022-0097 chromium-browser: Inappropriate implementation in DevTools
        https://bugzilla.redhat.com/show_bug.cgi?id=2037458
  [ 3 ] Bug #2037459 - CVE-2022-0098 chromium-browser: Use after free in Screen Capture
        https://bugzilla.redhat.com/show_bug.cgi?id=2037459
  [ 4 ] Bug #2037460 - CVE-2022-0099 chromium-browser: Use after free in Sign-in
        https://bugzilla.redhat.com/show_bug.cgi?id=2037460
  [ 5 ] Bug #2037461 - CVE-2022-0100 chromium-browser: Heap buffer overflow in Media streams API
        https://bugzilla.redhat.com/show_bug.cgi?id=2037461
  [ 6 ] Bug #2037462 - CVE-2022-0101 chromium-browser: Heap buffer overflow in Bookmarks
        https://bugzilla.redhat.com/show_bug.cgi?id=2037462
  [ 7 ] Bug #2037463 - CVE-2022-0102 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2037463
  [ 8 ] Bug #2037464 - CVE-2022-0103 chromium-browser: Use after free in SwiftShader
        https://bugzilla.redhat.com/show_bug.cgi?id=2037464
  [ 9 ] Bug #2037465 - CVE-2022-0104 chromium-browser: Heap buffer overflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2037465
  [ 10 ] Bug #2037466 - CVE-2022-0105 chromium-browser: Use after free in PDF
        https://bugzilla.redhat.com/show_bug.cgi?id=2037466
  [ 11 ] Bug #2037467 - CVE-2022-0106 chromium-browser: Use after free in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2037467
  [ 12 ] Bug #2037468 - CVE-2022-0107 chromium-browser: Use after free in File Manager API
        https://bugzilla.redhat.com/show_bug.cgi?id=2037468
  [ 13 ] Bug #2037469 - CVE-2022-0108 chromium-browser: Inappropriate implementation in Navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=2037469
  [ 14 ] Bug #2037470 - CVE-2022-0109 chromium-browser: Inappropriate implementation in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2037470
  [ 15 ] Bug #2037471 - CVE-2022-0110 chromium-browser: Incorrect security UI in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2037471
  [ 16 ] Bug #2037472 - CVE-2022-0111 chromium-browser: Inappropriate implementation in Navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=2037472
  [ 17 ] Bug #2037473 - CVE-2022-0112 chromium-browser: Incorrect security UI in Browser UI
        https://bugzilla.redhat.com/show_bug.cgi?id=2037473
  [ 18 ] Bug #2037474 - CVE-2022-0113 chromium-browser: Inappropriate implementation in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=2037474
  [ 19 ] Bug #2037475 - CVE-2022-0114 chromium-browser: Out of bounds memory access in Web Serial
        https://bugzilla.redhat.com/show_bug.cgi?id=2037475
  [ 20 ] Bug #2037476 - CVE-2022-0115 chromium-browser: Uninitialized Use in File API
        https://bugzilla.redhat.com/show_bug.cgi?id=2037476
  [ 21 ] Bug #2037477 - CVE-2022-0116 chromium-browser: Inappropriate implementation in Compositing
        https://bugzilla.redhat.com/show_bug.cgi?id=2037477
  [ 22 ] Bug #2037478 - CVE-2022-0117 chromium-browser: Policy bypass in Service Workers
        https://bugzilla.redhat.com/show_bug.cgi?id=2037478
  [ 23 ] Bug #2037479 - CVE-2022-0118 chromium-browser: Inappropriate implementation in WebShare
        https://bugzilla.redhat.com/show_bug.cgi?id=2037479
  [ 24 ] Bug #2037480 - CVE-2022-0120 chromium-browser: Inappropriate implementation in Passwords
        https://bugzilla.redhat.com/show_bug.cgi?id=2037480
  [ 25 ] Bug #2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol  leads to  Nullptr dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=2049429
  [ 26 ] Bug #2059898 - CVE-2022-0789 chromium-browser: Heap buffer overflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2059898
  [ 27 ] Bug #2059900 - CVE-2022-0791 chromium-browser: Use after free in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=2059900
  [ 28 ] Bug #2059901 - CVE-2022-0792 chromium-browser: Out of bounds read in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=2059901
  [ 29 ] Bug #2059902 - CVE-2022-0793 chromium-browser: Use after free in Views
        https://bugzilla.redhat.com/show_bug.cgi?id=2059902
  [ 30 ] Bug #2059905 - CVE-2022-0796 chromium-browser: Use after free in Media
        https://bugzilla.redhat.com/show_bug.cgi?id=2059905
  [ 31 ] Bug #2059910 - CVE-2022-0801 chromium-browser: Inappropriate implementation in HTML parser
        https://bugzilla.redhat.com/show_bug.cgi?id=2059910
  [ 32 ] Bug #2059911 - CVE-2022-0802 chromium-browser: Inappropriate implementation in Full screen mode
        https://bugzilla.redhat.com/show_bug.cgi?id=2059911
  [ 33 ] Bug #2059912 - CVE-2022-0803 chromium-browser: Inappropriate implementation in Permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=2059912
  [ 34 ] Bug #2059913 - CVE-2022-0804 chromium-browser: Inappropriate implementation in Full screen mode
        https://bugzilla.redhat.com/show_bug.cgi?id=2059913
  [ 35 ] Bug #2059914 - CVE-2022-0805 chromium-browser: Use after free in Browser Switcher
        https://bugzilla.redhat.com/show_bug.cgi?id=2059914
  [ 36 ] Bug #2059915 - CVE-2022-0806 chromium-browser: Data leak in Canvas
        https://bugzilla.redhat.com/show_bug.cgi?id=2059915
  [ 37 ] Bug #2059916 - CVE-2022-0807 chromium-browser: Inappropriate implementation in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=2059916
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-d1a15f9cdb' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: chromium 2022-d1a15f9cdb

March 11, 2022
Update Chromium to 99.0.4844.51

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update Chromium to 99.0.4844.51. Fixes, well, a LOT of security bugs. Sorry about that. CVE-2021-22570 CVE-2022-0096 CVE-2022-0097 CVE-2022-0098 CVE-2022-0099 CVE-2022-0100 CVE-2022-0101 CVE-2022-0102 CVE-2022-0103 CVE-2022-0104 CVE-2022-0105 CVE-2022-0106 CVE-2022-0107 CVE-2022-0108 CVE-2022-0109 CVE-2022-0110 CVE-2022-0111 CVE-2022-0112 CVE-2022-0113 CVE-2022-0114 CVE-2022-0115 CVE-2022-0116 CVE-2022-0117 CVE-2022-0118 CVE-2022-0120 CVE-2022-0789 CVE-2022-0790 CVE-2022-0791 CVE-2022-0792 CVE-2022-0793 CVE-2022-0794 CVE-2022-0795 CVE-2022-0796 CVE-2022-0797 CVE-2022-0798 CVE-2022-0799 CVE-2022-0800 CVE-2022-0801 CVE-2022-0802 CVE-2022-0803 CVE-2022-0804 CVE-2022-0805 CVE-2022-0806 CVE-2022-0807 CVE-2022-0808 CVE-2022-0809

Change Log

* Sat Mar 5 2022 Tom Callaway - 99.0.4844.5-1 - update to 99.0.4844.5 * Fri Feb 25 2022 Tom Callaway - 98.0.4758.102-1 - update to 98.0.4758.102 - fix build issue with subzero and gcc12 * Tue Feb 8 2022 Tom Callaway - 98.0.4758.80-1 - update to 98.0.4758.80 * Sat Feb 5 2022 Jiri Vanek - 96.0.4664.110-9 - Rebuilt for java-17-openjdk as system jdk * Wed Jan 19 2022 Fedora Release Engineering - 96.0.4664.110-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jan 5 2022 Tom Callaway - 96.0.4664.110-7 - i hate regex. trying again * Tue Jan 4 2022 Tom Callaway - 96.0.4664.110-6 - always filter provides, was previously inside conditional for shared builds * Mon Jan 3 2022 Tom Callaway - 96.0.4664.110-5 - fix provides filtering to be more inclusive (and work properly) * Thu Dec 30 2021 Tom Callaway - 96.0.4664.110-4 - package up more swiftshader/angle stuff - move swiftshader files to -common so headless can use them

References

[ 1 ] Bug #2037457 - CVE-2022-0096 chromium-browser: Use after free in Storage https://bugzilla.redhat.com/show_bug.cgi?id=2037457 [ 2 ] Bug #2037458 - CVE-2022-0097 chromium-browser: Inappropriate implementation in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=2037458 [ 3 ] Bug #2037459 - CVE-2022-0098 chromium-browser: Use after free in Screen Capture https://bugzilla.redhat.com/show_bug.cgi?id=2037459 [ 4 ] Bug #2037460 - CVE-2022-0099 chromium-browser: Use after free in Sign-in https://bugzilla.redhat.com/show_bug.cgi?id=2037460 [ 5 ] Bug #2037461 - CVE-2022-0100 chromium-browser: Heap buffer overflow in Media streams API https://bugzilla.redhat.com/show_bug.cgi?id=2037461 [ 6 ] Bug #2037462 - CVE-2022-0101 chromium-browser: Heap buffer overflow in Bookmarks https://bugzilla.redhat.com/show_bug.cgi?id=2037462 [ 7 ] Bug #2037463 - CVE-2022-0102 chromium-browser: Type Confusion in V8 https://bugzilla.redhat.com/show_bug.cgi?id=2037463 [ 8 ] Bug #2037464 - CVE-2022-0103 chromium-browser: Use after free in SwiftShader https://bugzilla.redhat.com/show_bug.cgi?id=2037464 [ 9 ] Bug #2037465 - CVE-2022-0104 chromium-browser: Heap buffer overflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2037465 [ 10 ] Bug #2037466 - CVE-2022-0105 chromium-browser: Use after free in PDF https://bugzilla.redhat.com/show_bug.cgi?id=2037466 [ 11 ] Bug #2037467 - CVE-2022-0106 chromium-browser: Use after free in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2037467 [ 12 ] Bug #2037468 - CVE-2022-0107 chromium-browser: Use after free in File Manager API https://bugzilla.redhat.com/show_bug.cgi?id=2037468 [ 13 ] Bug #2037469 - CVE-2022-0108 chromium-browser: Inappropriate implementation in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=2037469 [ 14 ] Bug #2037470 - CVE-2022-0109 chromium-browser: Inappropriate implementation in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2037470 [ 15 ] Bug #2037471 - CVE-2022-0110 chromium-browser: Incorrect security UI in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2037471 [ 16 ] Bug #2037472 - CVE-2022-0111 chromium-browser: Inappropriate implementation in Navigation https://bugzilla.redhat.com/show_bug.cgi?id=2037472 [ 17 ] Bug #2037473 - CVE-2022-0112 chromium-browser: Incorrect security UI in Browser UI https://bugzilla.redhat.com/show_bug.cgi?id=2037473 [ 18 ] Bug #2037474 - CVE-2022-0113 chromium-browser: Inappropriate implementation in Blink https://bugzilla.redhat.com/show_bug.cgi?id=2037474 [ 19 ] Bug #2037475 - CVE-2022-0114 chromium-browser: Out of bounds memory access in Web Serial https://bugzilla.redhat.com/show_bug.cgi?id=2037475 [ 20 ] Bug #2037476 - CVE-2022-0115 chromium-browser: Uninitialized Use in File API https://bugzilla.redhat.com/show_bug.cgi?id=2037476 [ 21 ] Bug #2037477 - CVE-2022-0116 chromium-browser: Inappropriate implementation in Compositing https://bugzilla.redhat.com/show_bug.cgi?id=2037477 [ 22 ] Bug #2037478 - CVE-2022-0117 chromium-browser: Policy bypass in Service Workers https://bugzilla.redhat.com/show_bug.cgi?id=2037478 [ 23 ] Bug #2037479 - CVE-2022-0118 chromium-browser: Inappropriate implementation in WebShare https://bugzilla.redhat.com/show_bug.cgi?id=2037479 [ 24 ] Bug #2037480 - CVE-2022-0120 chromium-browser: Inappropriate implementation in Passwords https://bugzilla.redhat.com/show_bug.cgi?id=2037480 [ 25 ] Bug #2049429 - CVE-2021-22570 protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference https://bugzilla.redhat.com/show_bug.cgi?id=2049429 [ 26 ] Bug #2059898 - CVE-2022-0789 chromium-browser: Heap buffer overflow in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2059898 [ 27 ] Bug #2059900 - CVE-2022-0791 chromium-browser: Use after free in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=2059900 [ 28 ] Bug #2059901 - CVE-2022-0792 chromium-browser: Out of bounds read in ANGLE https://bugzilla.redhat.com/show_bug.cgi?id=2059901 [ 29 ] Bug #2059902 - CVE-2022-0793 chromium-browser: Use after free in Views https://bugzilla.redhat.com/show_bug.cgi?id=2059902 [ 30 ] Bug #2059905 - CVE-2022-0796 chromium-browser: Use after free in Media https://bugzilla.redhat.com/show_bug.cgi?id=2059905 [ 31 ] Bug #2059910 - CVE-2022-0801 chromium-browser: Inappropriate implementation in HTML parser https://bugzilla.redhat.com/show_bug.cgi?id=2059910 [ 32 ] Bug #2059911 - CVE-2022-0802 chromium-browser: Inappropriate implementation in Full screen mode https://bugzilla.redhat.com/show_bug.cgi?id=2059911 [ 33 ] Bug #2059912 - CVE-2022-0803 chromium-browser: Inappropriate implementation in Permissions https://bugzilla.redhat.com/show_bug.cgi?id=2059912 [ 34 ] Bug #2059913 - CVE-2022-0804 chromium-browser: Inappropriate implementation in Full screen mode https://bugzilla.redhat.com/show_bug.cgi?id=2059913 [ 35 ] Bug #2059914 - CVE-2022-0805 chromium-browser: Use after free in Browser Switcher https://bugzilla.redhat.com/show_bug.cgi?id=2059914 [ 36 ] Bug #2059915 - CVE-2022-0806 chromium-browser: Data leak in Canvas https://bugzilla.redhat.com/show_bug.cgi?id=2059915 [ 37 ] Bug #2059916 - CVE-2022-0807 chromium-browser: Inappropriate implementation in Autofill https://bugzilla.redhat.com/show_bug.cgi?id=2059916

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-d1a15f9cdb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : chromium
Product : Fedora 35
Version : 99.0.4844.51
Release : 1.fc35
URL : https://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use

Related News

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

Tails 5.11 Amnesic Incognito Live System Switches to ZRam and Linux Kernel 6.1 LTS

5 Best free to use Linux Server distributions for 2023

Kali Linux 2023.1 Introduces 'Purple' Distro for Defensive Security

News

Advisories

HOWTOs

Features

Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy