Discover Security Vulnerabilities News

Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]

Q: How Can I Secure My Systems Against These Vulnerabilities?

An essential update for Chromium, version 122.0.6261.111, has been released to fix these harmful vulnerabilities. Given these bugs’ severe threat to affected systems, if left unpatched, we strongly recommend all impacted users apply the updates released to protect against data compromise and service disruption. To stay informed of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).

Brittany Day

1 - 2 min read Mar 24, 2024

Multiple severe security issues were discovered in Chromium before version 122.0.6261.128, which could result in arbitrary code execution, denial of service, or information disclosure. Let's examine these vulnerabilities, their impact, and how to protect against them.

What Security Bugs Have Been Discovered in Chromium?

Security vulnerabilities recently identified in Chromium include:

CVE-2024-2173: Out-of-bounds memory access in V8 allows a remote attacker to access out-of-bounds memory via a crafted HTML page.
CVE-2024-2174: Inappropriate implementation in V8 allows a remote attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-2176: Use after free in FedCM allows a remote attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-2400: Use after free in Performance Manager allows a remote attacker to exploit heap corruption via a crafted HTML page.
CVE-2024-1669: Out-of-bounds memory access in Blink.
CVE-2024-1670: Use after free in Mojo.
CVE-2024-1671: Inappropriate implementation in Site Isolation.
CVE-2024-1672: Inappropriate implementation in Content Security Policy.
CVE-2024-1673: Use after free in Accessibility.
/: Inappropriate implementation in Navigation.
CVE-2024-1675: Insufficient policy enforcement in Download.
CVE-2024-1676: Inappropriate implementation in Navigation.

These flaws have all received a Chromium security severity rating of "High," as they could allow attackers to corrupt your data, disrupt services, or run rogue programs on your computer.

How Can I Secure My Systems Against These Vulnerabilities?

An essential update for Chromium, version 122.0.6261.128, has been released to fix these harmful vulnerabilities. Given these bugs’ severe threat to affected systems, if left unpatched, we strongly recommend all impacted users apply the updates released to protect against data compromise and service disruption.

To stay informed of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on X for real-time updates on advisories for your distro(s).