Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 41: FEDORA-2024-9e85c72624 Critical: Chromium Heap Overflow

fedora
Calendar Grey September 18, 2024
Dist Fedora Esm H88
Significant enhancements for Chromium in Fedora 41 tackle heap buffer overflows and type confusion risks.
update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * Hi...

Summary

Chromium is an open-source web browser, powered by WebKit (Blink).

Update Information:

update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill

Topics%20covered

Topics Covered

security advisory Fedora heap overflow use after free type confusion media router

Change Log

* Wed Sep 11 2024 Than Ngo - 128.0.6613.137-1 - update to 128.0.6613.137 * High CVE-2024-8636: Heap buffer overflow in Skia * High CVE-2024-8637: Use after free in Media Router * High CVE-2024-8638: Type Confusion in V8 * High CVE-2024-8639: Use after free in Autofill

References


[ 1 ] Bug #2311182 - CVE-2024-45590 chromium: Denial of Service Vulnerability in body-parser [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2311182 [ 2 ] Bug #2311196 - CVE-2024-45590 chromium: Denial of Service Vulnerability in body-parser [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2311196 [ 3 ] Bug #2311225 - CVE-2024-45590 chromium: Denial of Service Vulnerability in body-parser [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2311225 [ 4 ] Bug #2311373 - CVE-2024-43796 chromium: Improper Input Handling in Express Redirects [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2311373 [ 5 ] Bug #2311378 - CVE-2024-43796 chromium: Improper Input Handling in Express Redirects [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2311378 [ 6 ] Bug #2311393 - CVE-2024-43796 chromium: Improper Input Handling in Express Redirects [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2311...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-9e85c72624' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: chromium
Product: Fedora 41
Version: 128.0.6613.137
Release: 1.fc41
URL: http://www.chromium.org/Home
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use

Topics%20covered

Topics Covered

security advisory Fedora heap overflow use after free type confusion media router

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here