{
  "schema_version": "1.7.0",
  "id": "MGASA-2022-0357",
  "published": "2022-10-05T05:23:49Z",
  "modified": "2022-10-05T04:16:32Z",
  "summary": "Updated chromium-browser-stable packages fix security vulnerabilities",
  "details": "The chromium-browser-stable package has been updated to the new 106 branch\nwith the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities;\nit also brings some improvements.\n\nSome of the security fixes are:\n\nHigh CVE-2022-3304: Use after free in CSS.\nHigh CVE-2022-3201: Insufficient validation of untrusted input in\nDeveloper Tools. Reported by NDevTK on 2022-07-09\nHigh CVE-2022-3305: Use after free in Survey. Reported by Nan\nWang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research\nInstitute on 2022-04-24\nHigh CVE-2022-3306: Use after free in Survey. Reported by Nan\nWang(@eternalsakura13) and Guang Gong of 360 Vulnerability\nResearch Institute on 2022-04-27\nHigh CVE-2022-3307: Use after free in Media. Reported by Anonymous\nTelecommunications Corp. Ltd. on 2022-05-08\nMedium CVE-2022-3308: Insufficient policy enforcement in Developer Tools.\nReported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08\nMedium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221\nof Ant Group Tianqiong Security Lab on 2022-07-29\nMedium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs.\nReported by Ashwin Agrawal from Optus, Sydney on 2021-08-16\nMedium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci\n@sametbekmezci on 2022-03-04\nMedium CVE-2022-3312: Insufficient validation of untrusted input in VPN.\nReported by Andr.Ess on 2022-03-06\nMedium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by\nIrvan Kurniawan (sourc7) on 2022-04-20\nMedium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on\n2022-05-24\nMedium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on\n2022-05-05\nLow CVE-2022-3316: Insufficient validation of untrusted input in Safe\nBrowsing.\nReported by Sven Dysthe (@svn_dy) on 2022-06-07\nLow CVE-2022-3317: Insufficient validation of untrusted input in Intents.\nReported by Hafiizh on 2022-02-24\nLow CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by\nGraVity0 on 2022-04-22\n",
  "upstream": [
    "CVE-2022-3201",
    "CVE-2022-3304",
    "CVE-2022-3305",
    "CVE-2022-3306",
    "CVE-2022-3307",
    "CVE-2022-3308",
    "CVE-2022-3309",
    "CVE-2022-3310",
    "CVE-2022-3311",
    "CVE-2022-3312",
    "CVE-2022-3313",
    "CVE-2022-3314",
    "CVE-2022-3315",
    "CVE-2022-3316",
    "CVE-2022-3317",
    "CVE-2022-3318"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2022-0357.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=30905"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=30802"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html"
    },
    {
      "type": "WEB",
      "url": "https://blog.chromium.org/2022/09/chrome-106-beta-new-css-features.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:8",
        "name": "chromium-browser-stable",
        "purl": "pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-8"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "106.0.5249.91-1.mga8"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
