Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 39: FEDORA-2024-b60f51180f Critical: Multiple Chromium Issues

fedora
Calendar Grey August 12, 2024
Dist Fedora Esm H88
The latest Fedora 39 updates for Chromium address serious security flaws, notably buffer overflow and out-of-bounds access issues.
Update to 127.0.6533.99 * Critical CVE-2024-7532: Out of bounds memory access in ANGLE * High CVE-2024-7533: Use after free in Sharing * High CVE-2024-7550: Type Confusion in V8...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 127.0.6533.99 * Critical CVE-2024-7532: Out of bounds memory access in ANGLE * High CVE-2024-7533: Use after free in Sharing * High CVE-2024-7550: Type Confusion in V8 * High CVE-2024-7534: Heap buffer overflow in Layout * High CVE-2024-7535: Inappropriate implementation in V8 * High CVE-2024-7536: Use after free in WebAudio

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora heap overflow web browser out of bounds access chromium

Change Log

* Wed Aug 7 2024 Than Ngo - 127.0.6533.99-1 - update to 127.0.6533.99 * Critical CVE-2024-7532: Out of bounds memory access in ANGLE * High CVE-2024-7533: Use after free in Sharing * High CVE-2024-7550: Type Confusion in V8 * High CVE-2024-7534: Heap buffer overflow in Layout * High CVE-2024-7535: Inappropriate implementation in V8 * High CVE-2024-7536: Use after free in WebAudio * Tue Aug 6 2024 Than Ngo - 127.0.6533.88-3 - fix rhbz#2294773 - Allow enabling vulkan on ozone wayland for AMD vaapi - add ppc64le patch to fix runtime assertion trap on ppc64el systems - refresh ppc64le patch to work around broken 64k allocator code on arm64

References


[ 1 ] Bug #2303050 - CVE-2024-7055 chromium: From NVD collector [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2303050 [ 2 ] Bug #2303343 - CVE-2024-6988 chromium: Use after free in Downloads [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2303343 [ 3 ] Bug #2303344 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2303344 [ 4 ] Bug #2303345 - CVE-2024-6988 chromium: Use after free in Downloads [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2303345 [ 5 ] Bug #2303348 - CVE-2024-7533 chromium: Use after free in Sharing [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303348 [ 6 ] Bug #2303349 - CVE-2024-7533 chromium: Use after free in Sharing [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303349 [ 7 ] Bug #2303350 - CVE-2024-7550 chromium: Type Confusion in V8 [fedora-all] https://bugzilla.redhat.com/show...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b60f51180f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 39
Version: 127.0.6533.99
Release: 1.fc39
URL: http://www.chromium.org/Home
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora heap overflow web browser out of bounds access chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here