Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 39: 2024-210776b8c7 critical: Chromium heap overflow issue

fedora
Calendar Grey January 5, 2024
Dist Fedora Esm H88
A crucial Fedora update addresses several heap overflow issues in Chromium, enhancing security and stability for users.
update to 120.0.6099.199 - CVE-2023-6879 aom: heap-buffer-overflow on frame size change - CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz - CVE-2024-0222: Use after free...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 120.0.6099.199 - CVE-2023-6879 aom: heap-buffer-overflow on frame size change - CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz - CVE-2024-0222: Use after free in ANGLE - CVE-2024-0223: Heap buffer overflow in ANGLE - CVE-2024-0224: Use after free in WebAudio - CVE-2024-0225: Use after free in WebGPU

Change Log

* Thu Jan 4 2024 Than Ngo - 120.0.6099.199-1 - new gn update, drop workaround for broken gn on epel 8/9 - update to 120.0.6099.199 * CVE-2024-0222: Use after free in ANGLE * CVE-2024-0223: Heap buffer overflow in ANGLE * CVE-2024-0224: Use after free in WebAudio * CVE-2024-0225: Use after free in WebGPU

References


[ 1 ] Bug #2256057 - CVE-2023-6879 chromium: aom: heap-buffer-overflow on frame size change [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256057 [ 2 ] Bug #2256199 - CVE-2023-7104 chromium: sqlite: heap-buffer-overflow at sessionfuzz [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256199 [ 3 ] Bug #2256796 - CVE-2024-0222 chromium: Use after free in ANGLE, compromised the renderer process to potentially exploit heap corruption via a crafted HTML page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256796 [ 4 ] Bug #2256803 - CVE-2024-0223 chromium: heap corruption via a crafted HTML page in angle [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256803 [ 5 ] Bug #2256809 - CVE-2024-0224 chromium: heap corruption via a crafted HTML page in webaudio [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2256809 [ 6 ] Bug #2256815 - CVE-2024-0225 chromium: heap corruption via a cra...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-210776b8c7' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 39
Version: 120.0.6099.199
Release: 1.fc39
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here