Updated chromium-browser-stable packages fix security vulnerabilities
Publication date: 16 May 2024Modification date: 16 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-4761 , CVE-2024-4671 , CVE-2024-4558 , CVE-2024-4559
Description
The chromium-browser-stable package has been updated to the
124.0.6367.207 release. It includes 4 security fixes.
Please, do note, only x86_64 is supported from now on.
i586 support for linux was stopped some years ago and the community is
not able to provide patches anymore for the latest Chromium code.
Some of the security fixes are:
* High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous
on 2024-05-09
* High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous
on 2024-05-07
* High CVE-2024-4558: Use after free in ANGLE. Reported by gelatin
dessert on 2024-04-29
* High CVE-2024-4559: Heap buffer overflow in WebAudio. Reported by
Cassidy Kim(@cassidy6564) on 2024-03-2
Google is aware that exploits for CVE-2024-4761 and CVE-2024-4671 exist
in the wild.
References
- https://bugs.mageia.org/show_bug.cgi?id=33213
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4558
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4559
SRPMS
9/tainted
- chromium-browser-stable-124.0.6367.207-1.mga9.tainted