ALT Linux Team

Package chromium update in sisyphus on 2022-10-10

ALT-PU-2022-2748-3

Package chromium updated to version 106.0.5249.103-alt1 for branch sisyphus in task 308165.

Closed vulnerabilities

Published: 2022-10-13
Modified: 2023-02-28

BDU:2022-06271

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.6)Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2022-10-20
Modified: 2023-02-28

BDU:2022-06371

Уязвимость пользовательских элементов браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.6)Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2023-08-11

BDU:2023-04583

Уязвимость набора инструментов для веб-разработки DevTools браузера Google Chrome, позволяющая нарушителю раскрыть обойти политику безопасности контента

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2024-09-23
Modified: 2024-09-30

BDU:2024-07364

Уязвимость веб-браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2022-11-01
Modified: 2024-11-21

CVE-2022-3370

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-11-01
Modified: 2025-05-05

CVE-2022-3373

Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2022-11-01
Modified: 2024-11-21

CVE-2022-3443

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2022-11-01
Modified: 2024-11-21

CVE-2022-3444

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2023-07-29
Modified: 2024-11-21

CVE-2022-4911

Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top