{"id":"MGASA-2022-0357","summary":"Updated chromium-browser-stable packages fix security vulnerability","details":"The chromium-browser-stable package has been updated to the new 106 branch\nwith the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities;\nit brings as well some improvements.\n\nSome of the security fixes are:\n\nHigh CVE-2022-3304: Use after free in CSS.\nHigh CVE-2022-3201: Insufficient validation of untrusted input in\nDeveloper Tools. Reported by NDevTK on 2022-07-09\nHigh CVE-2022-3305: Use after free in Survey. Reported by Nan\nWang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research\nInstitute on 2022-04-24\nHigh CVE-2022-3306: Use after free in Survey. Reported by Nan\nWang(@eternalsakura13) and Guang Gong of 360 Vulnerability\nResearch Institute on 2022-04-27\nHigh CVE-2022-3307: Use after free in Media. Reported by Anonymous\nTelecommunications Corp. Ltd. on 2022-05-08\nMedium CVE-2022-3308: Insufficient policy enforcement in Developer Tools.\nReported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08\nMedium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221\nof Ant Group Tianqiong Security Lab on 2022-07-29\nMedium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs.\nReported by Ashwin Agrawal from Optus, Sydney on 2021-08-16\nMedium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci\n@sametbekmezci on 2022-03-04\nMedium CVE-2022-3312: Insufficient validation of untrusted input in VPN.\nReported by Andr.Ess on 2022-03-06\nMedium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by\nIrvan Kurniawan (sourc7) on 2022-04-20\nMedium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on\n2022-05-24\nMedium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on\n2022-05-05\nLow CVE-2022-3316: Insufficient validation of untrusted input in Safe\nBrowsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07\nLow CVE-2022-3317: Insufficient validation of untrusted input in Intents.\nReported by Hafiizh on 2022-02-24\nLow CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by\nGraVity0 on 2022-04-22\n","modified":"2026-04-16T04:42:38.257708834Z","published":"2022-10-05T05:23:49Z","upstream":["CVE-2022-3201","CVE-2022-3304","CVE-2022-3305","CVE-2022-3306","CVE-2022-3307","CVE-2022-3308","CVE-2022-3309","CVE-2022-3310","CVE-2022-3311","CVE-2022-3312","CVE-2022-3313","CVE-2022-3314","CVE-2022-3315","CVE-2022-3316","CVE-2022-3317","CVE-2022-3318"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0357.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30905"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30802"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html"},{"type":"WEB","url":"https://blog.chromium.org/2022/09/chrome-106-beta-new-css-features.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"106.0.5249.91-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0357.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}