Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 38: 2023-a32ad3e643 High: Chromium Media Threats

fedora
Calendar Grey December 9, 2023
Dist Fedora Esm H88
Google Chrome version 120.0.6099.62 resolves severe security issues, some classified as critical. Update immediately!
Update to 120.0.6099.62, upstream release fixes follow security issues: * High CVE-2023-6508: Use after free in Media Stream * High CVE-2023-6509: Use after free in Side Panel Sear...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 120.0.6099.62, upstream release fixes follow security issues: * High CVE-2023-6508: Use after free in Media Stream * High CVE-2023-6509: Use after free in Side Panel Search * Medium CVE-2023-6510: Use after free in Media Capture * Low CVE-2023-6511: Inappropriate implementation in Autofill * Low CVE-2023-6512: Inappropriate implementation in Web Browser UI

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora high Chromium media capture

Change Log

* Wed Dec 6 2023 Than Ngo - 120.0.6099.62-2 - drop unsupported ldflag which caused build failure * Tue Dec 5 2023 Than Ngo - 120.0.6099.62-1 - update to 120.0.6099.62 - fixed bz#2252874, built with control flow integrity (CFI) support * Sat Dec 2 2023 Than Ngo - 120.0.6099.56-1 - update to 120.0.6099.56 - enable qt6 UI backend * Sat Dec 2 2023 Than Ngo - 119.0.6045.199-2 - fixed bz#2242271, built with bundleminizip in fedora > 39 - fixed bz#2251884, built with fstack-protector-strong for improved security

References


[ 1 ] Bug #2251884 - Set -fstack-protector-strong for improved security. https://bugzilla.redhat.com/show_bug.cgi?id=2251884 [ 2 ] Bug #2252874 - Not built with CFI https://bugzilla.redhat.com/show_bug.cgi?id=2252874 [ 3 ] Bug #2253150 - CVE-2023-6508 chromium: Use after free in Media Stream [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253150 [ 4 ] Bug #2253153 - CVE-2023-6509 chromium: Use after free in Side Panel Search [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253153 [ 5 ] Bug #2253156 - CVE-2023-6510 chromium: Use after free in Media Capture [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253156 [ 6 ] Bug #2253160 - CVE-2023-6511 chromium: Inappropriate implementation in Autofill [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253160 [ 7 ] Bug #2253163 - CVE-2023-6512 chromium: Inappropriate implementation in Web Browser UI [fedora-all] https://bugz...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-a32ad3e643' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: chromium
Product: Fedora 38
Version: 120.0.6099.62
Release: 2.fc38
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora high Chromium media capture

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here