Lucene search

Gentoo FoundationMGASA-2022-0211

HistoryMay 28, 2022 - 11:56 a.m.

Updated chromium-browser-stable packages fix security vulnerability

2022-05-2811:56:13

Gentoo Foundation

advisories.mageia.org

chromium-browser-stable

security vulnerability

update

32 cves

version 102.0.5005.61

bug fixes

indexed db

angle

messaging

user education

file system api

devtools

performance manager

ui foundations

sharing

extensions

tab groups

webapp installs

bookmarks

tablet mode

data transfer

app service

coop

safe browsing

pdf

heap buffer overflow

unix

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

72.6%

JSON

The chromium-browser-stable package has been updated to the 102.0.5005.61 version, fixing many bugs and 32 CVE. Some of them are listed below: CVE-2022-1853: Use after free in Indexed DB. CVE-2022-1854: Use after free in ANGLE. CVE-2022-1855: Use after free in Messaging. CVE-2022-1856: Use after free in User Education. CVE-2022-1857: Insufficient policy enforcement in File System API. CVE-2022-1858: Out of bounds read in DevTools. CVE-2022-1859: Use after free in Performance Manager. CVE-2022-1860: Use after free in UI Foundations. CVE-2022-1861: Use after free in Sharing. CVE-2022-1862: Inappropriate implementation in Extensions. CVE-2022-1863: Use after free in Tab Groups. CVE-2022-1864: Use after free in WebApp Installs. CVE-2022-1865: Use after free in Bookmarks. CVE-2022-1866: Use after free in Tablet Mode. CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. CVE-2022-1868: Inappropriate implementation in Extensions API. CVE-2022-1869: Type Confusion in V8. CVE-2022-1870: Use after free in App Service. CVE-2022-1871: Insufficient policy enforcement in File System API. CVE-2022-1872: Insufficient policy enforcement in Extensions API. CVE-2022-1873: Insufficient policy enforcement in COOP. CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. CVE-2022-1875: Inappropriate implementation in PDF. CVE-2022-1876: Heap buffer overflow in DevTools. Various fixes from internal audits, fuzzing and other initiatives.

OSVersionArchitecturePackageVersionFilename
Mageia8noarchchromium-browser-stable< 102.0.5005.61-1chromium-browser-stable-102.0.5005.61-1.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	chromium-browser-stable	< 102.0.5005.61-1	chromium-browser-stable-102.0.5005.61-1.mga8

References

blog.chromium.org/2022/04/chrome-102-window-controls-overlay-host.html

bugs.mageia.org/show_bug.cgi?id=30470

chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

72.6%

JSON

Related for MGASA-2022-0211