Advisories » MGASA-2022-0307

Updated chromium-browser-stable packages fix security vulnerability

Publication date: 25 Aug 2022
Modification date: 25 Aug 2022
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE-2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861

Description

The chromium-browser-stable package has been updated to the 104.0.5112.101
branch, fixing many bugs and 11 CVEs.
Google is aware that an exploit for CVE-2022-2856 exists in the wild.
Some of the addressed CVEs are listed below:
Critical CVE-2022-2852: Use after free in FedCM.
High CVE-2022-2854: Use after free in SwiftShader.
High CVE-2022-2855: Use after free in ANGLE.
High CVE-2022-2857: Use after free in Blink.
High CVE-2022-2858: Use after free in Sign-In Flow.
High CVE-2022-2853: Heap buffer overflow in Downloads.
High CVE-2022-2856: Insufficient validation of untrusted input in Intents.
Medium CVE-2022-2859: Use after free in Chrome OS Shell.
Medium CVE-2022-2860: Insufficient policy enforcement in Cookies.
Medium CVE-2022-2861: Inappropriate implementation in Extensions API.
Various fixes from internal audits, fuzzing and other initiatives.

References

SRPMS

8/core