MGASA-2022-0307 - Updated chromium-browser-stable packages fix security vulnerability

Publication date: 25 Aug 2022
URL: https://advisories.mageia.org/MGASA-2022-0307.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2852,
     CVE-2022-2853,
     CVE-2022-2854,
     CVE-2022-2855,
     CVE-2022-2856,
     CVE-2022-2857,
     CVE-2022-2858,
     CVE-2022-2859,
     CVE-2022-2860,
     CVE-2022-2861

The chromium-browser-stable package has been updated to the 104.0.5112.101
branch, fixing many bugs and 11 CVEs.
Google is aware that an exploit for CVE-2022-2856 exists in the wild.
Some of the addressed CVEs are listed below:
Critical CVE-2022-2852: Use after free in FedCM.
High CVE-2022-2854: Use after free in SwiftShader.
High CVE-2022-2855: Use after free in ANGLE.
High CVE-2022-2857: Use after free in Blink.
High CVE-2022-2858: Use after free in Sign-In Flow.
High CVE-2022-2853: Heap buffer overflow in Downloads.
High CVE-2022-2856: Insufficient validation of untrusted input in Intents.
Medium CVE-2022-2859: Use after free in Chrome OS Shell.
Medium CVE-2022-2860: Insufficient policy enforcement in Cookies.
Medium CVE-2022-2861: Inappropriate implementation in Extensions API.
Various fixes from internal audits, fuzzing and other initiatives.

References:
- https://bugs.mageia.org/show_bug.cgi?id=30756
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
- https://blog.chromium.org/2022/06/chrome-104-beta-new-media-query-syntax.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2852
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2855
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2856
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2860
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2861

SRPMS:
- 8/core/chromium-browser-stable-104.0.5112.101-1.mga8
