Lucene search

FreeBSD83EB9374-7B97-11ED-BE8F-3065EC8FD3EC

HistoryDec 13, 2022 - 12:00 a.m.

chromium -- multiple vulnerabilities

2022-12-1300:00:00

vuxml.freebsd.org

chromium

vulnerabilities

security fixes

use after free

blink media

mojo ipc

blink frames

aura

profiles

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

74.3%

JSON

Chrome Releases reports:

This release contains 8 security fixes, including:

[1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
[1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
[1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
[1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
[1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 108.0.5359.124UNKNOWN
FreeBSDanynoarchungoogled-chromium< 108.0.5359.124UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	chromium	< 108.0.5359.124	UNKNOWN
FreeBSD	any	noarch	ungoogled-chromium	< 108.0.5359.124	UNKNOWN

References

chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for 83EB9374-7B97-11ED-BE8F-3065EC8FD3EC