{"id":"MGASA-2022-0277","summary":"Updated chromium-browser-stable packages fix security vulnerability","details":"[1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by\nAnonymous on 2022-05-16\n[1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by\nNan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10\n[1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by\nLooben Yang on 2022-06-22\n[1330489] High CVE-2022-2606: Use after free in Managed devices API.\nReported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab\non 2022-05-31\n[1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by\n@ginggilBesel on 2022-01-11\n[1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by\nKhalil Zhani on 2022-06-01\n[1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by\nkoocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute\non 2022-06-22\n[1278255] Medium CVE-2022-2610: Insufficient policy enforcement in\nBackground Fetch. Reported by Maurice Dauer on 2021-12-09\n[1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen\nAPI. Reported by Irvan Kurniawan (sourc7) on 2022-04-28\n[1321350] Medium CVE-2022-2612: Side-channel information leakage in\nKeyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin\nSchwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30\n[1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr\nTworek (Vewd) on 2022-05-13\n[1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported\nby raven at KunLun lab on 2022-07-05\n[1268580] Medium CVE-2022-2615: Insufficient policy enforcement in\nCookies. Reported by Maurice Dauer on 2021-11-10\n[1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions\nAPI. Reported by Alesandro Ortiz on 2022-03-02\n[1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported\nby @ginggilBesel on 2022-01-31\n[1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input\nin Internals. Reported by asnine on 2022-03-21\n[1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input\nin Settings. Reported by Oliver Dunk on 2022-06-04\n[1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan\nWang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17\n[1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by\nHuyna at Viettel Cyber Security on 2022-05-07\n[1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input\nin Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on\n2022-06-03\n[1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by\nraven at KunLun lab on 2022-06-20\n[1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by\nYU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program\non 2022-06-27\n[1251653] Various fixes from internal audits, fuzzing and other initiatives\n","modified":"2026-04-16T00:10:23.746681224Z","published":"2022-08-05T21:00:44Z","upstream":["CVE-2022-2603","CVE-2022-2604","CVE-2022-2605","CVE-2022-2606","CVE-2022-2607","CVE-2022-2608","CVE-2022-2609","CVE-2022-2610","CVE-2022-2611","CVE-2022-2612","CVE-2022-2613","CVE-2022-2614","CVE-2022-2615","CVE-2022-2616","CVE-2022-2617","CVE-2022-2618","CVE-2022-2619","CVE-2022-2620","CVE-2022-2621","CVE-2022-2622","CVE-2022-2623","CVE-2022-2624"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0277.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30695"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html"},{"type":"WEB","url":"https://blog.chromium.org/2022/06/chrome-104-beta-new-media-query-syntax.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"104.0.5112.79-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0277.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}