{"id":"MGASA-2022-0146","summary":"Updated chromium-browser-stable packages fix security vulnerability","details":"The chromium-browser-stable package has been updated to the 100.0.4896.127\nversion, fixing many CVE, along with fixes from the 100.0.4896.75 and\n100.0.4896.88 versions.\n\nGoogle is aware that an exploit for CVE-2022-1364 exists in the wild.\n\n[1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément\nLecigne of Google's Threat Analysis Group on 2022-04-13\n[1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei\nGlazunov of Google Project Zero on 2022-03-30\n[1285234] High CVE-2022-1305: Use after free in storage. Reported by\nAnonymous on 2022-01-07\n[1299287] High CVE-2022-1306: Inappropriate implementation in compositing.\nReported by Sven Dysthe on 2022-02-21\n[1301873] High CVE-2022-1307: Inappropriate implementation in full screen.\nReported by Irvan Kurniawan (sourc7) on 2022-03-01\n[1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet\nBekmezci @sametbekmezci on 2021-12-28\n[1106456] High CVE-2022-1309: Insufficient policy enforcement in developer\ntools. Reported by David Erceg on 2020-07-17\n[1307610] High CVE-2022-1310: Use after free in regular expressions.\nReported by Brendon Tiszka on 2022-03-18\n[1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported\nby Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on\n2022-03-28\n[1311701] High CVE-2022-1312: Use after free in storage. Reported by\nLeecraso and Guang Gong of 360 Vulnerability Research Institute on\n2022-03-30\n[1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by\nThomas Orlita on 2021-11-16\n[1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan\nLiu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09\n[1315276] Various fixes from internal audits, fuzzing and other initiatives\n[1316420] Various fixes from internal audits, fuzzing and other initiatives\n","modified":"2026-04-16T00:11:52.294478846Z","published":"2022-04-18T20:00:03Z","upstream":["CVE-2022-1232","CVE-2022-1305","CVE-2022-1306","CVE-2022-1307","CVE-2022-1308","CVE-2022-1309","CVE-2022-1310","CVE-2022-1311","CVE-2022-1312","CVE-2022-1313","CVE-2022-1314","CVE-2022-1364"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0146.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30276"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30259"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"100.0.4896.127-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0146.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}