{"id":"MGASA-2022-0451","summary":"Updated chromium-browser-stable packages fix security vulnerability","details":"The chromium-browser-stable package has been updated to the new 108 branch\nwith the 108.0.5359.94 release, fixing many bugs and 29 vulnerabilities,\ntogether with 107.0.5304.121 and 108.0.5359.71.\n\nSome of the security fixes are -\n\nCVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy)\non 2022-10-27\nCVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and\nGuang Gong of 360 Vulnerability Research Institute on 2022-11-04\nCVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by\n@ginggilBesel on 2022-09-08\nCVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng\n(@ret2happy) on 2022-10-28\nCVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of\nGoogle Project Zero on 2022-10-18\nCVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of\nGoogle Project Zero on 2022-10-24\nCVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26\nCVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09\nCVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by\nPeter Nemeth on 2022-09-28\nCVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported\nby David Sievers on 2021-09-22\nCVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by\nAhmed ElMasry on 2022-09-01\nCVE-2022-4185: Inappropriate implementation in Navigation. Reported by\nJames Lee (@Windowsrcer) on 2022-10-10\nCVE-2022-4186: Insufficient validation of untrusted input in Downloads.\nReported by Luan Herrera (@lbherrera_) on 2022-10-21\nCVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by\nAxel Chong on 2022-11-04\nCVE-2022-4188: Insufficient validation of untrusted input in CORS.\nReported by Philipp Beer (TU Wien) on 2022-06-30\nCVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by\nNDevTK on 2022-07-15\nCVE-2022-4190: Insufficient data validation in Directory. Reported by\nAxel Chong on 2022-10-27\nCVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk)\nof Theori on 2022-10-12\nCVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci\n@sametbekmezci on 2022-07-14\nCVE-2022-4193: Insufficient policy enforcement in File System API.\nReported by Axel Chong on 2022-08-19\nCVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on\n2022-10-03\nCVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported\nby Eric Lawrence of Microsoft on 2022-10-06\nCVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of\nGoogle's Threat Analysis Group on 2022-11-22\nCVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of\nGoogle's Threat Analysis Group on 2022-11-29\n\nGoogle is aware that exploits for CVE-2022-4135 and CVE-2022-4262 exist\nin the wild.\n","modified":"2026-04-16T04:43:17.219054162Z","published":"2022-12-06T23:32:48Z","upstream":["CVE-2022-4135","CVE-2022-4174","CVE-2022-4175","CVE-2022-4176","CVE-2022-4177","CVE-2022-4178","CVE-2022-4179","CVE-2022-4180","CVE-2022-4181","CVE-2022-4182","CVE-2022-4183","CVE-2022-4184","CVE-2022-4185","CVE-2022-4186","CVE-2022-4187","CVE-2022-4188","CVE-2022-4189","CVE-2022-4190","CVE-2022-4191","CVE-2022-4192","CVE-2022-4193","CVE-2022-4194","CVE-2022-4195","CVE-2022-4262"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0451.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31205"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"108.0.5359.94-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0451.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}