MGASA-2024-0321 - Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 04 Oct 2024
URL: https://advisories.mageia.org/MGASA-2024-0321.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-6988,
     CVE-2024-6989,
     CVE-2024-6991,
     CVE-2024-6994,
     CVE-2024-6995,
     CVE-2024-6996,
     CVE-2024-6997,
     CVE-2024-6998,
     CVE-2024-6999,
     CVE-2024-7000,
     CVE-2024-7001,
     CVE-2024-7003,
     CVE-2024-7004,
     CVE-2024-7005

Use after free in Downloads. (CVE-2024-6988)
Use after free in Loader. (CVE-2024-6989)
Use after free in Dawn. (CVE-2024-6991)
Heap buffer overflow in Layout. (CVE-2024-6994)
Inappropriate implementation in Fullscreen. (CVE-2024-6995)
Race in Frames. (CVE-2024-6996)
Use after free in Tabs. (CVE-2024-6997)
Use after free in User Education. (CVE-2024-6998)
Inappropriate implementation in FedCM. (CVE-2024-6999)
Use after free in CSS. (CVE-2024-7000)
Inappropriate implementation in HTML. (CVE-2024-7001)
Inappropriate implementation in FedCM. (CVE-2024-7003)
Insufficient validation of untrusted input in Safe Browsing. (CVE-2024-7004)
Insufficient validation of untrusted input in Safe Browsing. (CVE-2024-7005)
Uninitialized Use in Dawn. (CVE-2024-6990)
Out of bounds read in WebTransport. (CVE-2024-7255)
Insufficient data validation in Dawn. (CVE-2024-7256)
Out of bounds memory access in ANGLE. (CVE-2024-7532)
Use after free in Sharing. (CVE-2024-7533)
Type Confusion in V8. (CVE-2024-7550)
Heap buffer overflow in Layout. (CVE-2024-7534)
Inappropriate implementation in V8. (CVE-2024-7535)
Use after free in WebAudio. (CVE-2024-7536)
Use after free in Passwords. (CVE-2024-7964)
Inappropriate implementation in V8. (CVE-2024-7965)
Out of bounds memory access in Skia. (CVE-2024-7966)
Heap buffer overflow in Fonts. (CVE-2024-7967)
Use after free in Autofill. (CVE-2024-7968)
Type confusion in V8. (CVE-2024-7971)
Inappropriate implementation in V8. (CVE-2024-7972)
Heap buffer overflow in PDFium. (CVE-2024-7973)
Insufficient data validation in V8 API. (CVE-2024-7974)
Inappropriate implementation in Permissions. (CVE-2024-7975)
Inappropriate implementation in FedCM. (CVE-2024-7976)
Insufficient data validation in Installer. (CVE-2024-7977)
Insufficient policy enforcement in Data Transfer. (CVE-2024-7978)
Insufficient data validation in Installer. (CVE-2024-7979)
Insufficient data validation in Installer. (CVE-2024-7980)
Inappropriate implementation in Views. (CVE-2024-7981)
Inappropriate implementation in WebApp Installs. (CVE-2024-8033)
Inappropriate implementation in Custom Tabs. (CVE-2024-8034)
Inappropriate implementation in Extensions. (CVE-2024-8035)
Type Confusion in V8. (CVE-2024-7969)
Heap buffer overflow in Skia. (CVE-2024-8193)
Type Confusion in V8. (CVE-2024-8194)
Heap buffer overflow in Skia. (CVE-2024-8198)
Use after free in WebAudio. (CVE-2024-8362)
Out of bounds write in V8. (CVE-2024-7970)
Heap buffer overflow in Skia. (CVE-2024-8636)
Use after free in Media Router. (CVE-2024-8637)
Type Confusion in V8. (CVE-2024-8638)
Use after free in Autofill. (CVE-2024-8639)
Type Confusion in V8. (CVE-2024-8904)
Inappropriate implementation in V8. (CVE-2024-8905)
Incorrect security UI in Downloads. (CVE-2024-8906)
Insufficient data validation in Omnibox. (CVE-2024-8907)
Inappropriate implementation in Autofill. (CVE-2024-8908)
Inappropriate implementation in UI. (CVE-2024-8909)
Inappropriate implementation in V8. (CVE-2024-9121)
Type Confusion in V8. (CVE-2024-9122)
Integer overflow in Skia. (CVE-2024-9123)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33443
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_24.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6988
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6989
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6991
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6995
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6998
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6999
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7000
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7001
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7003
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7004
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7005

SRPMS:
- 9/tainted/chromium-browser-stable-128.0.6613.137-1.mga9.tainted
