Mageia 2024-0321: chromium-browser-stable Security Advisory Updates
Summary
Use after free in Downloads. (CVE-2024-6988)
Use after free in Loader. (CVE-2024-6989)
Use after free in Dawn. (CVE-2024-6991)
Heap buffer overflow in Layout. (CVE-2024-6994)
Inappropriate implementation in Fullscreen. (CVE-2024-6995)
Race in Frames. (CVE-2024-6996)
Use after free in Tabs. (CVE-2024-6997)
Use after free in User Education. (CVE-2024-6998)
Inappropriate implementation in FedCM. (CVE-2024-6999)
Use after free in CSS. (CVE-2024-7000)
Inappropriate implementation in HTML. (CVE-2024-7001)
Inappropriate implementation in FedCM. (CVE-2024-7003)
Insufficient validation of untrusted input in Safe Browsing.
(CVE-2024-7004)
Insufficient validation of untrusted input in Safe Browsing.
(CVE-2024-7005)
Uninitialized Use in Dawn. (CVE-2024-6990)
Out of bounds read in WebTransport. (CVE-2024-7255)
Insufficient data validation in Dawn. (CVE-2024-7256)
Out of bounds memory access in ANGLE. (CVE-2024-7532)
Use after free in Sharing. (CVE-2024-7533)
Type Confusion in V8. (CVE-2024-7550)
Heap buffer overflow in Layout. (CVE-2024-7534)
Inappropriate implementation in V8. (CVE-2024-7535)
Use after free in WebAudio. (CVE-2024-7536)
Use after free in Passwords. (CVE-2024-7964)
Inappropriate implementation in V8. (CVE-2024-7965)
Out of bounds memory access in Skia. (CVE-2024-7966)
Heap buffer overflow in Fonts. (CVE-2024-7967)
Use after free in Autofill. (CVE-2024-7968)
Type confusion in V8. (CVE-2024-7971)
Inappropriate implementation in V8. (CVE-2024-7972)
Heap buffer overflow in PDFium. (CVE-2024-7973)
Insufficient data validation in V8 API. (CVE-2024-7974)
Inappropriate implementation in Permissions. (CVE-2024-7975)
Inappropriate implementation in FedCM. (CVE-2024-7976)
Insufficient data validation in Installer. (CVE-2024-7977)
Insufficient policy enforcement in Data Transfer. (CVE-2024-7978)
Insufficient data validation in Installer. (CVE-2024-7979)
Insufficient data validation in Installer. (CVE-2024-7980)
Inappropriate implementation in Views. (CVE-2024-7981)
Inappropriate implementation in WebApp Installs. (CVE-2024-8033)
Inappropriate implementation in Custom Tabs. (CVE-2024-8034)
Inappropriate implementation in Extensions. (CVE-2024-8035)
Type Confusion in V8. (CVE-2024-7969)
Heap buffer overflow in Skia. (CVE-2024-8193)
Type Confusion in V8. (CVE-2024-8194)
Heap buffer overflow in Skia. (CVE-2024-8198)
Use after free in WebAudio. (CVE-2024-8362)
Out of bounds write in V8. (CVE-2024-7970)
Heap buffer overflow in Skia. (CVE-2024-8636)
Use after free in Media Router. (CVE-2024-8637)
Type Confusion in V8. (CVE-2024-8638)
Use after free in Autofill. (CVE-2024-8639)
Type Confusion in V8. (CVE-2024-8904)
Inappropriate implementation in V8. (CVE-2024-8905)
Incorrect security UI in Downloads. (CVE-2024-8906)
Insufficient data validation in Omnibox. (CVE-2024-8907)
Inappropriate implementation in Autofill. (CVE-2024-8908)
Inappropriate implementation in UI. (CVE-2024-8909)
Inappropriate implementation in V8. (CVE-2024-9121)
Type Confusion in V8. (CVE-2024-9122)
Integer overflow in Skia. (CVE-2024-9123)
References
- https://bugs.mageia.org/show_bug.cgi?id=33443
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6988
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6989
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6991
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6995
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6998
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6999
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7000
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7001
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7004
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7005
Resolution
MGASA-2024-0321 - Updated chromium-browser-stable packages fix security vulnerabilities
SRPMS
- 9/tainted/chromium-browser-stable-128.0.6613.137-1.mga9.tainted