Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 39: 2024-f2e57b108e Critical: Chromium Memory Issues

fedora
Calendar Grey August 2, 2024
Dist Fedora Esm H88
This release addresses multiple critical vulnerabilities in Chromium for Fedora 39, improving overall browsing security.
update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-69...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe

Topics%20covered

Topics Covered

security advisory fedora update software fix memory issue browser security chromium

Change Log

* Wed Jul 24 2024 Than Ngo - 127.0.6533.72-1 - update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe * Sat Jul 20 2024 Than Ngo - 126.0.6478.182-2 - fix condition for is_cfi/use_thin_lto on aarch64/ppc64le - update powerpc patches

References


[ 1 ] Bug #2299576 - 127.0.6533.72 released, fixing many CVEs https://bugzilla.redhat.com/show_bug.cgi?id=2299576 [ 2 ] Bug #2299689 - Adopt the ppc64le patches from OpenPOWER patchset https://bugzilla.redhat.com/show_bug.cgi?id=2299689

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-f2e57b108e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 39
Version: 127.0.6533.72
Release: 1.fc39
URL: http://www.chromium.org/Home
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory fedora update software fix memory issue browser security chromium

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here