Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Fedora 38 Security Advisory FEDORA-2024-3a548f46a8: Critical Chrome Issues

fedora
Calendar Grey May 18, 2024
Dist Fedora Esm H88
Fedora reveals security notice FEDORA-2024-4b659g87b9 concerning updates for firefox, tackling severe vulnerabilities and providing necessary fixes.
update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High CVE-2024-4948: Use after free in Dawn * Medium CVE-2024-4949: Use after free in V8 * Low CVE-2024-4950...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High CVE-2024-4948: Use after free in Dawn * Medium CVE-2024-4949: Use after free in V8 * Low CVE-2024-4950: Inappropriate implementation in Downloads update to 124.0.6367.201 * High CVE-2024-4671: Use after free in Visuals update to 124.0.6367.155 High CVE-2024-4558: Use after free in ANGLE High CVE-2024-4559: Heap buffer overflow in WebAudio update to 124.0.6367.118 * High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn update to 124.0.6367.91

Change Log

* Thu May 16 2024 Than Ngo - 125.0.6422.60-1 - update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High CVE-2024-4948: Use after free in Dawn * Medium CVE-2024-4949: Use after free in V8 * Low CVE-2024-4950: Inappropriate implementation in Downloads * Sun May 12 2024 Than Ngo - 125.0.6422.41-1 - update to 125.0.6422.41 * Sat May 11 2024 Than Ngo - 124.0.6367.201-2 - include headless_command_resources.pak for headless_shell * Fri May 10 2024 Than Ngo - 124.0.6367.201-1 - update to 124.0.6367.201 * High CVE-2024-4671: Use after free in Visuals * Wed May 8 2024 Than Ngo - 124.0.6367.155-1 - update to 124.0.6367.155 * High CVE-2024-4558: Use after free in ANGLE * High CVE-2024-4559: Heap buffer overflow in WebAudio * Sun May 5 2024 Than Ngo - 124.0.6367.118-2 - fixed build errors on el8 - refreshed clean_ffmpeg.sh - added missing files for bundle ffmpeg * Wed May 1 2024 Than Ngo - 124.0.6367.118-1 - update to 124.0.6367.118 * High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn - use system highway * Sat Apr 27 2024 Than Ngo - 124.0.6367.91-1 - update to 124.0.6367.91 - fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error) - use system dav1d

References


[ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2274695 [ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275841 [ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276116 [ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilites [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276123 [ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilitites [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276130 [ 6 ] Bug #2277228 -...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3a548f46a8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 38
Version: 125.0.6422.60
Release: 1.fc38
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here