Alerts This Week
Warning Icon 1 924
Alerts This Week
Warning Icon 1 924

MGASA-2022-0307 Critical: Chromium-Browser Exploit Mitigation on Mageia

mageia
Calendar Grey August 25, 2022
Dist Mageia Esm H88
MGASA-2022-0308 tackles a critical vulnerability in firefox-browser-stable on Mageia, strengthening overall protection.
The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE

Summary

The chromium-browser-stable package has been updated to the 104.0.5112.101 branch, fixing many bugs and 11 CVE. Google is aware that an exploit for CVE-2022-2856 exists in the wild. Some of the addressed CVE are listed below: Critical CVE-2022-2852: Use after free in FedCM. High CVE-2022-2854: Use after free in SwiftShader. High CVE-2022-2855: Use after free in ANGLE. High CVE-2022-2857: Use after free in Blink. High CVE-2022-2858: Use after free in Sign-In Flow. High CVE-2022-2853: Heap buffer overflow in Downloads. High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Medium CVE-2022-2859: Use after free in Chrome OS Shell. Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Various fixes from internal audits, fuzzing and other initiatives

References

- https://bugs.mageia.org/show_bug.cgi?id=30756

- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html

- https://blog.chromium.org/2022/06/chrome-104-beta-new-media-query-syntax.html

- https://www.cve.org/CVERecord?id=CVE-2022-2852

- https://www.cve.org/CVERecord?id=CVE-2022-2853

- https://www.cve.org/CVERecord?id=CVE-2022-2854

- https://www.cve.org/CVERecord?id=CVE-2022-2855

- https://www.cve.org/CVERecord?id=CVE-2022-2856

- https://www.cve.org/CVERecord?id=CVE-2022-2857

- https://www.cve.org/CVERecord?id=CVE-2022-2858

- https://www.cve.org/CVERecord?id=CVE-2022-2859

- https://www.cve.org/CVERecord?id=CVE-2022-2860

- https://www.cve.org/CVERecord?id=CVE-2022-2861

Topics%20covered

Topics Covered

security advisory update critical exploit CVE issue chromium-browser Mageia

Resolution

SRPMS

- 8/core/chromium-browser-stable-104.0.5112.101-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 25 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0307.html
Type: security
CVE: CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE-2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861

Topics%20covered

Topics Covered

security advisory update critical exploit CVE issue chromium-browser Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here