
Fedora 40: FEDORA-2024-aaff7345b8 critical: chromium type confusion

fedora
September 27, 2024
Important security notice regarding the latest Fedora Chromium update, addressing critical vulnerabilities such as buffer overflow and type mismatch risks.

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

Update to 129.0.6668.70
* High CVE-2024-9120: Use after free in Dawn
* High CVE-2024-9121: Inappropriate implementation in V8
* High CVE-2024-9122: Type Confusion in V8
* High CVE-2024-9123: Integer overflow in Skia

Change Log

* Wed Sep 25 2024 Than Ngo - 129.0.6668.70-1
- update to 129.0.6668.70
  * High CVE-2024-9120: Use after free in Dawn
  * High CVE-2024-9121: Inappropriate implementation in V8
  * High CVE-2024-9122: Type Confusion in V8
  * High CVE-2024-9123: Integer overflow in Skia
* Thu Sep 19 2024 Than Ngo - 129.0.6668.58-2
- clean up

References


[ 1 ] Bug #2314362 - CVE-2024-7024 chromium: V8 Sandbox Bypass: wasm function signature confusion leading to out of sandbox arbitrary read/write [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2314362
[ 2 ] Bug #2314363 - CVE-2024-7024 chromium: V8 Sandbox Bypass: wasm function signature confusion leading to out of sandbox arbitrary read/write [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2314363
[ 3 ] Bug #2314365 - CVE-2024-7022 chromium: out of bounds memory access [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2314365
[ 4 ] Bug #2314366 - CVE-2024-7022 chromium: out of bounds memory access [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2314366
[ 5 ] Bug #2314367 - CVE-2024-7020 chromium: Inappropriate implementation in Autofill in Google Chrome [epel-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2314367
[ 6 ] Bug #2314368 - CVE-2024-7020 chromium: Inappropriate implementation in ...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-aaff7345b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
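
To confirm the upgrade took effect, the installed build can be compared against the fixed build named in this advisory (129.0.6668.70, release 1.fc40). The script below is an added example, not part of the Fedora advisory; the function names are illustrative, and it assumes a `sort` that supports `-V` (GNU coreutils).

```shell
#!/bin/sh
# Added example: check an installed chromium build against the fixed build
# from this advisory. Function names are illustrative, not from any tool.
FIXED_VERSION="129.0.6668.70"
FIXED_RELEASE="1.fc40"

# ver_ge A B: succeed when A sorts at or after B in version order.
# A plain string comparison would rank "129.0.6668.100" below "129.0.6668.70",
# so version sort (sort -V, assumed available) is used instead.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# chromium_is_patched VERSION RELEASE: succeed when the given build is the
# advisory's fixed build or newer. Release only matters on an equal version.
chromium_is_patched() {
    if [ "$1" = "$FIXED_VERSION" ]; then
        ver_ge "$2" "$FIXED_RELEASE"
    else
        ver_ge "$1" "$FIXED_VERSION"
    fi
}

# check_installed: query the RPM database and report the result.
# Returns 0 if patched, 1 if an older build is installed, 2 if undetermined.
check_installed() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    build=$(rpm -q --qf '%{VERSION} %{RELEASE}\n' chromium 2>/dev/null) \
        || { echo "chromium is not installed"; return 2; }
    set -- $build
    if chromium_is_patched "$1" "$2"; then
        echo "OK: chromium $1-$2 includes the fixes"
    else
        echo "OUTDATED: chromium $1-$2 is older than $FIXED_VERSION-$FIXED_RELEASE"
        echo "Run: su -c 'dnf upgrade --advisory FEDORA-2024-aaff7345b8'"
        return 1
    fi
}

check_installed || true
```

A running browser keeps the old binary mapped until it is restarted, so restart Chromium after the upgrade.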

Severity
critical

Name: chromium
Product: Fedora 40
Version: 129.0.6668.70
Release: 1.fc40
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
