Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 39: FEDORA-2023-5d1b8507b8 high: chromium use-after-free

fedora
Calendar Grey December 8, 2023
Dist Fedora Esm H88
The latest update for chromium, version 120.0.6099.62, addresses critical high-risk vulnerabilities, emphasizing the importance of safeguarding your device.
Update to 120.0.6099.62, upstream release fixes follow security issues: * High CVE-2023-6508: Use after free in Media Stream * High CVE-2023-6509: Use after free in Side Panel Sear...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 120.0.6099.62, upstream release fixes follow security issues: * High CVE-2023-6508: Use after free in Media Stream * High CVE-2023-6509: Use after free in Side Panel Search * Medium CVE-2023-6510: Use after free in Media Capture * Low CVE-2023-6511: Inappropriate implementation in Autofill * Low CVE-2023-6512: Inappropriate implementation in Web Browser UI

Topics%20covered

Topics Covered

security advisory high severity fedora update web browser chromium

Change Log

* Tue Dec 5 2023 Than Ngo - 120.0.6099.62-1 - update to 120.0.6099.62 - fixed bz#2252874, built with control flow integrity (CFI) support * Sat Dec 2 2023 Than Ngo - 120.0.6099.56-1 - update to 120.0.6099.56 - enable qt6 UI backend * Sat Dec 2 2023 Than Ngo - 119.0.6045.199-2 - fixed bz#2242271, built with bundleminizip in fedora > 39 - fixed bz#2251884, built with fstack-protector-strong for improved security

References


[ 1 ] Bug #2251884 - Set -fstack-protector-strong for improved security. https://bugzilla.redhat.com/show_bug.cgi?id=2251884 [ 2 ] Bug #2252874 - Not built with CFI https://bugzilla.redhat.com/show_bug.cgi?id=2252874 [ 3 ] Bug #2253150 - CVE-2023-6508 chromium: Use after free in Media Stream [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253150 [ 4 ] Bug #2253153 - CVE-2023-6509 chromium: Use after free in Side Panel Search [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253153 [ 5 ] Bug #2253156 - CVE-2023-6510 chromium: Use after free in Media Capture [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253156 [ 6 ] Bug #2253160 - CVE-2023-6511 chromium: Inappropriate implementation in Autofill [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2253160 [ 7 ] Bug #2253163 - CVE-2023-6512 chromium: Inappropriate implementation in Web Browser UI [fedora-all] https://bugz...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-5d1b8507b8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: chromium
Product: Fedora 39
Version: 120.0.6099.62
Release: 1.fc39
URL: https://www.chromium.org/Home/
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory high severity fedora update web browser chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here