Advisories ยป MGASA-2023-0016

Updated chromium-browser-stable packages fix security vulnerability

Publication date: 24 Jan 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-0128 , CVE-2023-0129 , CVE-2023-0130 , CVE-2023-0131 , CVE-2023-0132 , CVE-2023-0133 , CVE-2023-0134 , CVE-2023-0135 , CVE-2023-0136 , CVE-2023-0137 , CVE-2023-0138 , CVE-2023-0139 , CVE-2023-0140 , CVE-2023-0141

Description

The chromium-browser-stable package has been updated to the 109.0.5414.74
release, fixing 17 vulnerabilities.

Some of the security fixes are -

High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil
Zhani on 2022-08-16
High CVE-2023-0129 Heap buffer overflow in Network Service. Reported by
asnine on 2022-11-07
Medium CVE-2023-0130 Inappropriate implementation in Fullscreen API.
Reported by Hafiizh on 2022-09-30
Medium CVE-2023-0131 Inappropriate implementation in iframe Sandbox.
Reported by NDevTK on 2022-08-28
Medium CVE-2023-0132 Inappropriate implementation in Permission prompts.
Reported by Jasper Rebane (popstonia) on 2022-10-05
Medium CVE-2023-0133 Inappropriate implementation in Permission prompts.
Reported by Alesandro Ortiz on 2022-10-17
Medium CVE-2023-0134 Use after free in Cart. Reported by Chaoyuan Peng
(@ret2happy) on 2022-11-17
Medium CVE-2023-0135 Use after free in Cart. Reported by Chaoyuan Peng
(@ret2happy) on 2022-11-18
Medium CVE-2023-0136 Inappropriate implementation in Fullscreen API.
Reported by Axel Chong on 2022-08-26
Medium CVE-2023-0137 Heap buffer overflow in Platform Apps. Reported by
avaue and Buff3tts at S.S.L. on 2022-12-10
Low CVE-2023-0138 Heap buffer overflow in libphonenumber. Reported by
Michael Dau on 2022-07-23
Low CVE-2023-0139 Insufficient validation of untrusted input in Downloads.
Reported by Axel Chong on 2022-09-24
Low CVE-2023-0140 Inappropriate implementation in File System API.
Reported by harrison.mitchell, cybercx.com.au  on 2022-05-18
Low CVE-2023-0141 Insufficient policy enforcement in CORS. Reported by
scarlet on 2022-09-12
                

References

SRPMS

8/core