Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: FEDORA-2024-3a1a0a664e Critical: Chromium Security Flaws

fedora
Calendar Grey August 3, 2024
Dist Fedora Esm H88
The latest update for Fedora 40 brings crucial enhancements to Chromium, addressing significant security vulnerabilities such as uninitialized variable utilization and data integrity concerns.
update to 127.0.6533.88 Critical CVE-2024-6990: Uninitialized Use in Dawn High CVE-2024-7255: Out of bounds read in WebTransport High CVE-2024-7256: Insufficient data validation in...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 127.0.6533.88 Critical CVE-2024-6990: Uninitialized Use in Dawn High CVE-2024-7255: Out of bounds read in WebTransport High CVE-2024-7256: Insufficient data validation in Dawn update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate im...

Topics%20covered

Topics Covered

security advisory update critical Fedora browser Chromium data validation

Change Log

* Thu Aug 1 2024 Than Ngo - 127.0.6533.88-2 - remove old patch that seems to be the cause of a crash when the user set user.max_user_namespaces to 0 * Wed Jul 31 2024 Than Ngo - 127.0.6533.88-1 - update to 127.0.6533.88 * Wed Jul 24 2024 Than Ngo - 127.0.6533.72-1 - update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe

References


[ 1 ] Bug #2299576 - 127.0.6533.72 released, fixing many CVEs https://bugzilla.redhat.com/show_bug.cgi?id=2299576 [ 2 ] Bug #2299689 - Adopt the ppc64le patches from OpenPOWER patchset https://bugzilla.redhat.com/show_bug.cgi?id=2299689 [ 3 ] Bug #2300183 - 127.0.6533.72 koji build crashes occasionally and consistently when usernamespaces are disabled https://bugzilla.redhat.com/show_bug.cgi?id=2300183 [ 4 ] Bug #2301846 - 127.0.6533.88 released, fixing one Critical and two High CVEs https://bugzilla.redhat.com/show_bug.cgi?id=2301846

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-3a1a0a664e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 40
Version: 127.0.6533.88
Release: 2.fc40
URL: http://www.chromium.org/Home
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory update critical Fedora browser Chromium data validation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here