Headline
Debian Security Advisory 5261-1
Debian Linux Security Advisory 5261-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5261-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffOctober 26, 2022 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660 CVE-2022-3661Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 107.0.5304.68-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNZexEACgkQEMKTtsN8TjYRnxAAqAA0Egh1wZoBi7sCYhoCqR546MdWDKO/bJfqYq2aKO3KZDz9Td7BnZ1t/v+Cj49QBk+OfQaLbSP0KTcPqYIQAtd9z2bdskSs+4rFcj+jFmmM59WsSEghsGGApANaYUUsDitGqVJpFUkZCXHYxYUt0sWJYZ8QeYHipQr6Mw22+n77igvQjpqzdIpDXIUlSasDGx7vFoX0Psu8C5TvXhCjxzFr0mLHRuEf+HjlrEwS7eTrycZN2rcc0JFH6oCwVtitKsiEwhystoaDaX1YKZczQ/O9S+pBj4wh4PTQPNTUeODyN3pZKwRVJmUM8rR/lBTEfFRtUw615ieDX/lideqfo9OK0GmY3iSwf5oL728iuu5seWcPKAO09t6sNvG2Fjw6JTn0NQ7z9LZFHeWDbDlLV6ABQ2VusoMMRRkAdNV9ycuiXThGsQBw6ukTUzUfKnui9NV37ouDClnahB96/Y4i8BGXyYF0T4TMCJUtiZCG4xASGEbMHwUO4h6A2WjIq/m6F2pg98cEG/losAuxBwtwzRzoUY8gvoQZE+7WoMTRyQIpmO8AfJraNvexKx/im/7eLvtF/0XIy57hQzRsnbOQ1RzcdxDgV4zJ+L+QeyXDgkAwYs1s1Xtt7Dl21New/cV0OUInJ9Z9qvOo2Hz7D/UOYopDjlhx1XMZJPtgXIOilQQ=rkOd-----END PGP SIGNATURE-----Related news
By Deeba Ahmed The vulnerability affected all Chromium-based browsers, including Opera and Edge. This is a post from HackRead.com Read the original post: Credential Stealing Flaw in Google Chrome Impacted 2.5 Billion Users
Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said. "Specifically, the browser did not properly check
Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium)
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chrome security severity: Medium)