MGASA-2022-0130 - Updated chromium-browser-stable packages fix security vulnerability

Publication date: 05 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0130.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-1125,
     CVE-2022-1127,
     CVE-2022-1128,
     CVE-2022-1129,
     CVE-2022-1130,
     CVE-2022-1131,
     CVE-2022-1132,
     CVE-2022-1133,
     CVE-2022-1134,
     CVE-2022-1135,
     CVE-2022-1136,
     CVE-2022-1137,
     CVE-2022-1138,
     CVE-2022-1139,
     CVE-2022-1141,
     CVE-2022-1142,
     CVE-2022-1143,
     CVE-2022-1144,
     CVE-2022-1145,
     CVE-2022-1146

Use after free in Portals. (CVE-2022-1125)
Use after free in QR Code Generator. (CVE-2022-1127)
Inappropriate implementation in Web Share API. (CVE-2022-1128)
Inappropriate implementation in Full Screen Mode. (CVE-2022-1129)
Insufficient validation of untrusted input in WebOTP. (CVE-2022-1130)
Use after free in Cast UI. (CVE-2022-1131)
Inappropriate implementation in Virtual Keyboard. (CVE-2022-1132)
Use after free in WebRTC. (CVE-2022-1133)
Type Confusion in V8. (CVE-2022-1134)
Use after free in Shopping Cart. (CVE-2022-1135)
Use after free in Tab Strip. (CVE-2022-1136)
Inappropriate implementation in Extensions. (CVE-2022-1137)
Inappropriate implementation in Web Cursor. (CVE-2022-1138)
Inappropriate implementation in Background Fetch API. (CVE-2022-1139)
Use after free in File Manager. (CVE-2022-1141)
Heap buffer overflow in WebUI. (CVE-2022-1142)
Heap buffer overflow in WebUI. (CVE-2022-1143)
Use after free in WebUI. (CVE-2022-1144)
Use after free in Extensions. (CVE-2022-1145)
Inappropriate implementation in Resource Timing. (CVE-2022-1146)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30222
- https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1125
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1132
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1133
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1141
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1144
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1145
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1146

SRPMS:
- 8/core/chromium-browser-stable-100.0.4896.60-1.mga8
