Updated chromium-browser-stable packages fix bugs and vulnerabilities
Publication date: 20 Nov 2023Modification date: 20 Nov 2023
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-5480 , CVE-2023-5482 , CVE-2023-5849 , CVE-2023-5996 , CVE-2023-5997 , CVE-2023-6112 , CVE-2023-5850 , CVE-2023-5851 , CVE-2023-5852 , CVE-2023-5853 , CVE-2023-5854 , CVE-2023-5855 , CVE-2023-5856 , CVE-2023-5857 , CVE-2023-5858
Description
The chromium-browser-stable package has been updated to the
119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together
with 119.0.6045.123 and 119.0.6045.105; some of them are listed below:
High CVE-2023-5480: Inappropriate implementation in Payments. Reported
by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14
High CVE-2023-5482: Insufficient data validation in USB. Reported by
DarkNavy on 2023-10-13
High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on
2023-10-13
High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin
of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30
High CVE-2023-5997: Use after free in Garbage Collection. Reported by
Anonymous on 2023-10-31
High CVE-2023-6112: Use after free in Navigation. Reported by Sergei
Glazunov of Google Project Zero on 2023-11-04
Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by
Mohit Raj (shadow2639) on 2021-12-22
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Reported by Shaheen Fazim on 2023-08-18
Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car]
on 2023-09-10
Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by
Hafiizh on 2023-06-22
Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee
(@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01
Medium CVE-2023-5855: Use after free in Reading Mode. Reported by
ChaobinZhang on 2023-10-13
Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng
Jiang (@Krace) of VRI on 2023-10-17
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Reported by Will Dormann on 2023-10-18
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Reported by Axel Chong on 2023-06-24
Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported
by Junsung Lee on 2023-09-13
References
- https://bugs.mageia.org/show_bug.cgi?id=32529
- https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
- https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html
- https://www.gearrice.com/update/chrome-119-backs-up-and-finally-syncs-your-tabs/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5480
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5849
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5996
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5997
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5850
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5851
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5852
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5855
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5856
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5858
SRPMS
9/tainted
- chromium-browser-stable-119.0.6045.159-1.mga9.tainted