git: 66e8ddc44050 - main - security/vuxml: add www/chromium < 104.0.5112.101
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 17 Aug 2022 08:36:53 UTC
The branch main has been updated by rene:
URL: https://cgit.FreeBSD.org/ports/commit/?id=66e8ddc44050d3cd348143e491367c64a4fc1073
commit 66e8ddc44050d3cd348143e491367c64a4fc1073
Author: Rene Ladan <rene@FreeBSD.org>
AuthorDate: 2022-08-17 08:33:18 +0000
Commit: Rene Ladan <rene@FreeBSD.org>
CommitDate: 2022-08-17 08:34:12 +0000
security/vuxml: add www/chromium < 104.0.5112.101
Obtained from: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
---
security/vuxml/vuln-2022.xml | 47 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 6ad1eaddcf75..5621c3c61707 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,50 @@
+ <vuln vid="f12368a8-1e05-11ed-a1ef-3065ec8fd3ec">
+ <topic>chromium -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>104.0.5112.101</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html">
+ <p>This release contains 11 security fixes, including:</p>
+ <ul>
+ <li>[1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02</li>
+ <li>[1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18</li>
+ <li>[1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16</li>
+ <li>[1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21</li>
+ <li>[1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05</li>
+ <li>[1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04</li>
+ <li>[1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19</li>
+ <li>[1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22</li>
+ <li>[1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18</li>
+ <li>[1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2022-2852</cvename>
+ <cvename>CVE-2022-2853</cvename>
+ <cvename>CVE-2022-2854</cvename>
+ <cvename>CVE-2022-2855</cvename>
+ <cvename>CVE-2022-2856</cvename>
+ <cvename>CVE-2022-2857</cvename>
+ <cvename>CVE-2022-2858</cvename>
+ <cvename>CVE-2022-2859</cvename>
+ <cvename>CVE-2022-2860</cvename>
+ <cvename>CVE-2022-2861</cvename>
+ <url>https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html</url>
+ </references>
+ <dates>
+ <discovery>2022-08-16</discovery>
+ <entry>2022-08-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d658042c-1c98-11ed-95f8-901b0e9408dc">
<topic>dendrite -- Incorrect parsing of the event default power level in event auth</topic>
<affects>