MGASA-2022-0357

Source
https://advisories.mageia.org/MGASA-2022-0357.html
Import Source
https://advisories.mageia.org/MGASA-2022-0357.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2022-0357
Related
Published
2022-10-05T05:23:49Z
Modified
2022-10-05T04:16:32Z
Summary
Updated chromium-browser-stable packages fix security vulnerability
Details

The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements.

Some of the security fixes are:

High CVE-2022-3304: Use after free in CSS. High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24 High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27 High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08 Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16 Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06 Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24 Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05 Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24 Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22

References
Credits

Affected packages

Mageia:8 / chromium-browser-stable

Package

Name
chromium-browser-stable
Purl
pkg:rpm/mageia/chromium-browser-stable?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
106.0.5249.91-1.mga8

Ecosystem specific

{
    "section": "core"
}