Updated chromium-browser-stable packages fix security vulnerability
Publication date: 14 Feb 2023Modification date: 14 Feb 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-0471 , CVE-2023-0472 , CVE-2023-0473 , CVE-2023-0474
Description
The chromium-browser-stable package has been updated to the 109.0.5414.119
release, fixing 6 vulnerabilities.
Some of the security fixes are:
High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo
Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy
Kim(@cassidy6564) on 2023-01-06
Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by
raven at KunLun lab on 2023-01-03
Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at
S.S.L on 2022-12-14
References
- https://bugs.mageia.org/show_bug.cgi?id=31465
- https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
- https://www.androidpolice.com/google-chrome-109/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0471
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0472
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0474
SRPMS
8/core
- chromium-browser-stable-109.0.5414.119-1.mga8