Advisories » MGASA-2024-0161

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 09 May 2024
Modification date: 09 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-4331 , CVE-2024-4368

Description

The chromium-browser-stable package has been updated to the
124.0.6367.128 release. It includes 2 security fixes.
Please, do note, only x86_64 is supported from now on.
i586 support for linux was stopped some years ago and the community is
not able to provide patches anymore for the latest Chromium code.
Some of the security fixes are:
* High CVE-2024-4331: Use after free in Picture In Picture. Reported by
Zhenghang Xiao (@Kipreyyy) on 2024-04-16
* High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on
2024-04-09
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33151
• https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4331
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4368

SRPMS

9/tainted

• chromium-browser-stable-124.0.6367.118-1.mga9.tainted