| Summary: | Chromium updated to 103.0.5060.53, fixes bugs and security vulnerabilities | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | christian barranco <chb0> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | brtians1, davidwhodgins, fri, herman.viaene, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | chromium-browser-stable-102.0.5005.115-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
christian barranco
2022-06-22 12:29:38 CEST
Hi

Ready for QA in Testing

ADVISORY NOTICE PROPOSAL
========================

New chromium-browser-stable branch fixes bugs and security vulnerabilities

Description

The chromium-browser-stable package has been updated to the new 103.0.5060.53 branch, fixing many bugs and 14 CVEs. Some of them are listed below:

- [1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11
- [1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19
- [1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29
- [1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14
- [1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30
- [1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19
- [1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21
- [1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10
- [1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19
- [1338205] Various fixes from internal audits, fuzzing and other initiatives

References

- https://bugs.mageia.org/show_bug.cgi?id=30575
- https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
- https://blog.chromium.org/2022/05/chrome-103-beta-early-navigation-hints.html

SRPMS

8/core

- chromium-browser-stable-103.0.5060.53-1.mga8

PROVIDED PACKAGES
=================

x86_64

- chromium-browser-103.0.5060.53-1.mga8.x86_64.rpm
- chromium-browser-stable-103.0.5060.53-1.mga8.x86_64.rpm

i586

- chromium-browser-103.0.5060.53-1.mga8.i586.rpm
- chromium-browser-stable-103.0.5060.53-1.mga8.i586.rpm

Assignee: chb0 => qa-bugs

mga8-64 OK

Plasma, Swedish, Intel i7, kernel 5.18.5-desktop-1.mga8, nvidia-current

Localisation OK, preserved tabs and settings. Tested three banking and a couple video sites, a webshop, some other browsing. Printing works.

MG8-64, Gnome, Laptop

Installed Chromium

youtube working

jitsi meet working as expected.

CC: (none) => brtians1

MGA8-64 Plasma on Acer Aspire 5253

No installation issues. Checked with my usual newspaper with videos etc .... All work OK.

CC: (none) => herman.viaene

Ok on my banking site, and other regularly used sites. Validating the update. Advisory committed to svn.

CC: (none) => davidwhodgins

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0241.html

Resolution: (none) => FIXED