Updated chromium-browser-stable packages fix security vulnerability
Publication date: 11 Sep 2023Modification date: 11 Sep 2023
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-4427 , CVE-2023-4428 , CVE-2023-4429 , CVE-2023-4430 , CVE-2023-4431 , CVE-2023-4572
Description
The chromium-browser-stable package has been updated to the 116.0.5845.140
release, fixing 5 vulnerabilities.
High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy
Kim(@cassidy6564) on 2023-08-02
High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on
2023-08-03
High CVE-2023-4428: Out of bounds memory access in CSS. Reported by
Francisco Alonso (@revskills) on 2023-08-06
High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei
Glazunov of Google Project Zero on 2023-08-07
Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by
Microsoft Security Researcher on 2023-08-01
High CVE-2023-4572: Use after free in MediaStream. Reported by
fwnfwn(@_fwnfwn) on 2023-08-12
References
- https://bugs.mageia.org/show_bug.cgi?id=32193
- https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
- https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4428
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4430
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4431
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4572
SRPMS
9/tainted
- chromium-browser-stable-116.0.5845.140-1.mga9.tainted