Headline
Debian Security Advisory 5293-1
Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian Security Advisory DSA-5293-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 03, 2022 https://www.debian.org/security/faq
Package : chromium
CVE ID : CVE-2022-4174 CVE-2022-4175 CVE-2022-4176 CVE-2022-4177
CVE-2022-4178 CVE-2022-4179 CVE-2022-4180 CVE-2022-4181
CVE-2022-4182 CVE-2022-4183 CVE-2022-4184 CVE-2022-4185
CVE-2022-4186 CVE-2022-4187 CVE-2022-4188 CVE-2022-4189
CVE-2022-4190 CVE-2022-4191 CVE-2022-4192 CVE-2022-4193
CVE-2022-4194 CVE-2022-4195

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bullseye), these problems have been fixed in
version 108.0.5359.71-2~deb11u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability that local attackers can exploit to escalate privileges to root.
Plus: Patches for Apple iOS 16, Google Chrome, Windows 10, and more.
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)