Updated chromium-browser-stable packages fix security vulnerabilities
Publication date: 03 Jun 2024Modification date: 03 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-5493 , CVE-2024-5494 , CVE-2024-5495 , CVE-2024-5496 , CVE-2024-5497 , CVE-2024-5498 , CVE-2024-5499
Description
The chromium-browser-stable package has been updated to the
125.0.6422.141 release. It includes 11 security fixes.
Some of them are:
* High CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by
Cassidy Kim(@cassidy6564) on 2024-05-11
* High CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz on
2024-05-01
* High CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz on
2024-05-01
* High CVE-2024-5496: Use after free in Media Session. Reported by
Cassidy Kim(@cassidy6564) on 2024-05-06
* High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs.
Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on
2024-05-07
* High CVE-2024-5498: Use after free in Presentation API. Reported by
anymous on 2024-05-09
* High CVE-2024-5499: Out of bounds write in Streams API. Reported by
anonymous on 2024-05-11
Please, do note, only x86_64 is supported since some versions ago.
i586 support for linux was stopped some years ago and the community is
not able to provide patches anymore for the latest Chromium code.
References
- https://bugs.mageia.org/show_bug.cgi?id=33261
- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_30.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5493
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5494
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5495
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5496
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5497
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5498
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5499
SRPMS
9/tainted
- chromium-browser-stable-125.0.6422.141-1.mga9.tainted