Advisories » MGASA-2024-0194

Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 25 May 2024
Modification date: 25 May 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-5157 , CVE-2024-5158 , CVE-2024-5159 , CVE-2024-5160

Description

The chromium-browser-stable package has been updated to the
125.0.6422.76 release. It includes 6 security fixes
Please, do note, that since some versions ago, only x86_64 is supported.
i586 support for linux was stopped some years ago and the community is
not able to provide patches anymore for the latest Chromium code..
High CVE-2024-5157: Use after free in Scheduling.
High CVE-2024-5158: Type Confusion in V8.
High CVE-2024-5159: Heap buffer overflow in ANGLE.
High CVE-2024-5160: Heap buffer overflow in Dawn.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33231
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5157
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5158
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5159
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5160

SRPMS

9/tainted

• chromium-browser-stable-125.0.6422.76-1.mga9.tainted