Mageia 2022-0307: chromium-browser-stable security update
Summary
The chromium-browser-stable package has been updated to the 104.0.5112.101
branch, fixing many bugs and 11 CVEs.
Google is aware that an exploit for CVE-2022-2856 exists in the wild.
Some of the addressed CVEs are listed below:
- Critical CVE-2022-2852: Use after free in FedCM.
- High CVE-2022-2854: Use after free in SwiftShader.
- High CVE-2022-2855: Use after free in ANGLE.
- High CVE-2022-2857: Use after free in Blink.
- High CVE-2022-2858: Use after free in Sign-In Flow.
- High CVE-2022-2853: Heap buffer overflow in Downloads.
- High CVE-2022-2856: Insufficient validation of untrusted input in Intents.
- Medium CVE-2022-2859: Use after free in Chrome OS Shell.
- Medium CVE-2022-2860: Insufficient policy enforcement in Cookies.
- Medium CVE-2022-2861: Inappropriate implementation in Extensions API.
- Various fixes from internal audits, fuzzing and other initiatives.
References
- https://bugs.mageia.org/show_bug.cgi?id=30756
- https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
- https://blog.chromium.org/2022/06/chrome-104-beta-new-media-query-syntax.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2852
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2855
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2856
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2860
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2861
Resolution
MGASA-2022-0307 - Updated chromium-browser-stable packages fix security vulnerability
SRPMS
- 8/core/chromium-browser-stable-104.0.5112.101-1.mga8