{ "schema_version": "1.6.2", "id": "MGASA-2024-0230", "published": "2024-06-20T17:46:05Z", "modified": "2024-06-20T17:40:33Z", "summary": "Updated chromium-browser-stable packages fix security vulnerabilities", "details": "The chromium-browser-stable package has been updated to the\n126.0.6478.61 release. It includes 21 security fixes.\nSome of them are:\n* High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of\nGitHub Security Lab on 2024-05-24\n* High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on\n2024-05-07\n* High CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz on\n2024-05-13\n* High CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel on\n2024-05-24\n* High CVE-2024-5834: Inappropriate implementation in Dawn. Reported by\ngelatin dessert on 2024-05-26\n* High CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by\nWeipeng Jiang (@Krace) of VRI on 2024-05-22\n* High CVE-2024-5836: Inappropriate Implementation in DevTools. Reported\nby Allen Ding on 2024-05-21\n* High CVE-2024-5837: Type Confusion in V8. Reported by Anonymous on\n2024-05-23\n* High CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao\n(@Kipreyyy) on 2024-05-24\n* Medium CVE-2024-5839: Inappropriate Implementation in Memory\nAllocator. Reported by Micky on 2024-05-13\n* Medium CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard\non 2024-01-17\n* Medium CVE-2024-5841: Use after free in V8. Reported by Cassidy\nKim(@cassidy6564) on 2024-02-26\n* Medium CVE-2024-5842: Use after free in Browser UI. Reported by Sven\nDysthe (@svn_dy) on 2023-01-12\n* Medium CVE-2024-5843: Inappropriate implementation in Downloads.\nReported by hjy79425575 on 2024-04-12\n* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by\nSri on 2024-04-01\n* Medium CVE-2024-5845: Use after free in Audio. Reported by anonymous\non 2024-05-13\n* Medium CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng\n(HexHive) on 2024-05-16\n* Medium CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng\n(HexHive) on 2024-05-18\nPlease, do note, only x86_64 is supported since some versions ago.\ni586 support for linux was stopped some years ago and the community is\nnot able to provide patches anymore for the latest Chromium code.\n", "related": [ "CVE-2024-5830", "CVE-2024-5831", "CVE-2024-5832", "CVE-2024-5833", "CVE-2024-5834", "CVE-2024-5835", "CVE-2024-5836", "CVE-2024-5837", "CVE-2024-5838", "CVE-2024-5839", "CVE-2024-5840", "CVE-2024-5841", "CVE-2024-5842", "CVE-2024-5843", "CVE-2024-5844", "CVE-2024-5845", "CVE-2024-5846", "CVE-2024-5847" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2024-0230.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=33308" }, { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_13.html" }, { "type": "REPORT", "url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "chromium-browser-stable", "purl": "pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "126.0.6478.61-1.mga9.tainted" } ] } ], "ecosystem_specific": { "section": "tainted" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }