MGASA-2022-0043 - Updated chromium-browser-stable packages fix security vulnerability

Publication date: 02 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0043.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-0096,
     CVE-2022-0097,
     CVE-2022-0098,
     CVE-2022-0099,
     CVE-2022-0100,
     CVE-2022-0101,
     CVE-2022-0102,
     CVE-2022-0103,
     CVE-2022-0104,
     CVE-2022-0105,
     CVE-2022-0106,
     CVE-2022-0107,
     CVE-2022-0108,
     CVE-2022-0109,
     CVE-2022-0110,
     CVE-2022-0111,
     CVE-2022-0112,
     CVE-2022-0113,
     CVE-2022-0114,
     CVE-2022-0115,
     CVE-2022-0116,
     CVE-2022-0117,
     CVE-2022-0118,
     CVE-2022-0120,
     CVE-2022-0289,
     CVE-2022-0290,
     CVE-2022-0291,
     CVE-2022-0292,
     CVE-2022-0293,
     CVE-2022-0294,
     CVE-2022-0295,
     CVE-2022-0296,
     CVE-2022-0297,
     CVE-2022-0298,
     CVE-2022-0300,
     CVE-2022-0301,
     CVE-2022-0302,
     CVE-2022-0304,
     CVE-2022-0305,
     CVE-2022-0306,
     CVE-2022-0307,
     CVE-2022-0308,
     CVE-2022-0309,
     CVE-2022-0310,
     CVE-2022-0311,
     CVE-2022-0337

CVE-2022-0096: Use after free in Storage.
CVE-2022-0097: Inappropriate implementation in DevTools.
CVE-2022-0098: Use after free in Screen Capture.
CVE-2022-0099: Use after free in Sign-in.
CVE-2022-0100: Heap buffer overflow in Media streams API.
CVE-2022-0101: Heap buffer overflow in Bookmarks.
CVE-2022-0102: Type Confusion in V8.
CVE-2022-0103: Use after free in SwiftShader.
CVE-2022-0104: Heap buffer overflow in ANGLE.
CVE-2022-0105: Use after free in PDF.
CVE-2022-0106: Use after free in Autofill.
CVE-2022-0107: Use after free in File Manager API.
CVE-2022-0108: Inappropriate implementation in Navigation.
CVE-2022-0109: Inappropriate implementation in Autofill.
CVE-2022-0110: Incorrect security UI in Autofill.
CVE-2022-0111: Inappropriate implementation in Navigation.
CVE-2022-0112: Incorrect security UI in Browser UI.
CVE-2022-0113: Inappropriate implementation in Blink.
CVE-2022-0114: Out of bounds memory access in Web Serial.
CVE-2022-0115: Uninitialized Use in File API.
CVE-2022-0116: Inappropriate implementation in Compositing.
CVE-2022-0117: Policy bypass in Service Workers.
CVE-2022-0118: Inappropriate implementation in WebShare.
CVE-2022-0120: Inappropriate implementation in Passwords.
CVE-2022-0289: Use after free in Safe browsing.
CVE-2022-0290: Use after free in Site isolation.
CVE-2022-0291: Inappropriate implementation in Storage.
CVE-2022-0292: Inappropriate implementation in Fenced Frames.
CVE-2022-0293: Use after free in Web packaging.
CVE-2022-0294: Inappropriate implementation in Push messaging.
CVE-2022-0295: Use after free in Omnibox.
CVE-2022-0296: Use after free in Printing.
CVE-2022-0297: Use after free in Vulkan.
CVE-2022-0298: Use after free in Scheduling.
CVE-2022-0300: Use after free in Text Input Method Editor.
CVE-2022-0301: Heap buffer overflow in DevTools.
CVE-2022-0302: Use after free in Omnibox.
CVE-2022-0304: Use after free in Bookmarks.
CVE-2022-0305: Inappropriate implementation in Service Worker API.
CVE-2022-0306: Heap buffer overflow in PDFium.
CVE-2022-0307: Use after free in Optimization Guide.
CVE-2022-0308: Use after free in Data Transfer.
CVE-2022-0309: Inappropriate implementation in Autofill.
CVE-2022-0310: Heap buffer overflow in Task Manager.
CVE-2022-0311: Heap buffer overflow in Task Manager.
CVE-2022-0337: Inappropriate implementation in File System API.

References:
- https://bugs.mageia.org/show_bug.cgi?id=29846
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0098
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0101
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0102
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0104
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0105
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0106
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0107
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0109
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0110
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0111
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0114
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0115
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0116
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0117
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0118
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0120
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0289
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0290
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0291
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0292
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0293
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0294
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0295
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0296
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0297
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0298
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0300
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0301
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0302
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0304
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0305
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0306
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0307
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0308
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0309
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0310
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0337

SRPMS:
- 8/core/chromium-browser-stable-97.0.4692.99-1.mga8

Mageia 2022-0043: chromium-browser-stable security update

CVE-2022-0096: Use after free in Storage

Summary

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks. CVE-2022-0102: Type Confusion in V8. CVE-2022-0103: Use after free in SwiftShader. CVE-2022-0104: Heap buffer overflow in ANGLE. CVE-2022-0105: Use after free in PDF. CVE-2022-0106: Use after free in Autofill. CVE-2022-0107: Use after free in File Manager API. CVE-2022-0108: Inappropriate implementation in Navigation. CVE-2022-0109: Inappropriate implementation in Autofill. CVE-2022-0110: Incorrect security UI in Autofill. CVE-2022-0111: Inappropriate implementation in Navigation. CVE-2022-0112: Incorrect security UI in Browser UI. CVE-2022-0113: Inappropriate implementation in Blink. CVE-2022-0114: Out of bounds memory access in Web Serial. CVE-2022-0115: Uninitialized Use in File API. CVE-2022-0116: Inappropriate implementation in Compositing. CVE-2022-0117: Policy bypass in Service Workers. CVE-2022-0118: Inappropriate implementation in WebShare. CVE-2022-0120: Inappropriate implementation in Passwords. CVE-2022-0289: Use after free in Safe browsing. CVE-2022-0290: Use after free in Site isolation. CVE-2022-0291: Inappropriate implementation in Storage. CVE-2022-0292: Inappropriate implementation in Fenced Frames. CVE-2022-0293: Use after free in Web packaging. CVE-2022-0294: Inappropriate implementation in Push messaging. CVE-2022-0295: Use after free in Omnibox. CVE-2022-0296: Use after free in Printing. CVE-2022-0297: Use after free in Vulkan. CVE-2022-0298: Use after free in Scheduling. CVE-2022-0300: Use after free in Text Input Method Editor. CVE-2022-0301: Heap buffer overflow in DevTools. CVE-2022-0302: Use after free in Omnibox. CVE-2022-0304: Use after free in Bookmarks. CVE-2022-0305: Inappropriate implementation in Service Worker API. CVE-2022-0306: Heap buffer overflow in PDFium. CVE-2022-0307: Use after free in Optimization Guide. CVE-2022-0308: Use after free in Data Transfer. CVE-2022-0309: Inappropriate implementation in Autofill. CVE-2022-0310: Heap buffer overflow in Task Manager. CVE-2022-0311: Heap buffer overflow in Task Manager. CVE-2022-0337: Inappropriate implementation in File System API.

References

- https://bugs.mageia.org/show_bug.cgi?id=29846

- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0096

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0097

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0098

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0099

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0100

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0101

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0102

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0103

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0104

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0105

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0106

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0107

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0109

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0110

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0111

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0112

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0113

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0114

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0115

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0116

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0117

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0118

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0120

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0289

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0290

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0291

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0292

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0293

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0294

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0295

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0296

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0297

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0298

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0300

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0301

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0302

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0304

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0305

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0306

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0307

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0308

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0309

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0310

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0311

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0337

Resolution

MGASA-2022-0043 - Updated chromium-browser-stable packages fix security vulnerability

SRPMS

- 8/core/chromium-browser-stable-97.0.4692.99-1.mga8

Severity
Publication date: 02 Feb 2022
URL: https://advisories.mageia.org/MGASA-2022-0043.html
Type: security
CVE: CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0104, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113, CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117, CVE-2022-0118, CVE-2022-0120, CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292, CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296, CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301, CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306, CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310, CVE-2022-0311, CVE-2022-0337

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved