Mageia 2023-0016: chromium-browser-stable security update | LinuxSe...

What Are You Looking For?

Popular Tags

Contribute
MGASA-2023-0016 - Updated chromium-browser-stable packages fix security vulnerability

Publication date: 24 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0016.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-0128,
     CVE-2023-0129,
     CVE-2023-0130,
     CVE-2023-0131,
     CVE-2023-0132,
     CVE-2023-0133,
     CVE-2023-0134,
     CVE-2023-0135,
     CVE-2023-0136,
     CVE-2023-0137,
     CVE-2023-0138,
     CVE-2023-0139,
     CVE-2023-0140,
     CVE-2023-0141

The chromium-browser-stable package has been updated to the 109.0.5414.74
release, fixing 17 vulnerabilities.

Some of the security fixes are -

High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil
Zhani on 2022-08-16
High CVE-2023-0129 Heap buffer overflow in Network Service. Reported by
asnine on 2022-11-07
Medium CVE-2023-0130 Inappropriate implementation in Fullscreen API.
Reported by Hafiizh on 2022-09-30
Medium CVE-2023-0131 Inappropriate implementation in iframe Sandbox.
Reported by NDevTK on 2022-08-28
Medium CVE-2023-0132 Inappropriate implementation in Permission prompts.
Reported by Jasper Rebane (popstonia) on 2022-10-05
Medium CVE-2023-0133 Inappropriate implementation in Permission prompts.
Reported by Alesandro Ortiz on 2022-10-17
Medium CVE-2023-0134 Use after free in Cart. Reported by Chaoyuan Peng
(@ret2happy) on 2022-11-17
Medium CVE-2023-0135 Use after free in Cart. Reported by Chaoyuan Peng
(@ret2happy) on 2022-11-18
Medium CVE-2023-0136 Inappropriate implementation in Fullscreen API.
Reported by Axel Chong on 2022-08-26
Medium CVE-2023-0137 Heap buffer overflow in Platform Apps. Reported by
avaue and Buff3tts at S.S.L. on 2022-12-10
Low CVE-2023-0138 Heap buffer overflow in libphonenumber. Reported by
Michael Dau on 2022-07-23
Low CVE-2023-0139 Insufficient validation of untrusted input in Downloads.
Reported by Axel Chong on 2022-09-24
Low CVE-2023-0140 Inappropriate implementation in File System API.
Reported by harrison.mitchell, cybercx.com.au  on 2022-05-18
Low CVE-2023-0141 Insufficient policy enforcement in CORS. Reported by
scarlet on 2022-09-12

References:
- https://bugs.mageia.org/show_bug.cgi?id=31389
- https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
- https://www.androidpolice.com/google-chrome-109/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0128
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0129
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0131
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0132
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0133
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0134
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0135
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0136
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0137
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0138
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0139
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0140
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0141

SRPMS:
- 8/core/chromium-browser-stable-109.0.5414.74-1.mga8

Mageia 2023-0016: chromium-browser-stable security update

The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities

Summary

The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities.
Some of the security fixes are -
High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129 Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 Medium CVE-2023-0130 Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30 Medium CVE-2023-0131 Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 Medium CVE-2023-0132 Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05 Medium CVE-2023-0133 Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17 Medium CVE-2023-0134 Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17 Medium CVE-2023-0135 Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18 Medium CVE-2023-0136 Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26 Medium CVE-2023-0137 Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10 Low CVE-2023-0138 Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 Low CVE-2023-0139 Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24 Low CVE-2023-0140 Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18 Low CVE-2023-0141 Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12

References

- https://bugs.mageia.org/show_bug.cgi?id=31389

- https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html

- https://www.androidpolice.com/google-chrome-109/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0128

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0129

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0130

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0131

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0132

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0133

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0134

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0135

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0136

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0137

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0138

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0139

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0140

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0141

Resolution

MGASA-2023-0016 - Updated chromium-browser-stable packages fix security vulnerability

SRPMS

- 8/core/chromium-browser-stable-109.0.5414.74-1.mga8

Severity
Publication date: 24 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0016.html
Type: security
CVE: CVE-2023-0128, CVE-2023-0129, CVE-2023-0130, CVE-2023-0131, CVE-2023-0132, CVE-2023-0133, CVE-2023-0134, CVE-2023-0135, CVE-2023-0136, CVE-2023-0137, CVE-2023-0138, CVE-2023-0139, CVE-2023-0140, CVE-2023-0141

News

Advisories

HOWTOs

Features

How to Check if Your Linux System is Infected with a Virus
Security Considerations for Azure Linux & Windows Subsystem for Linux Users
Admins Receive Automated Linux Patch Management & Improved Security with ManageEngine Endpoint Central
Linux Malware: The Truth About This Growing Threat [Updated]
How Physical Security Blends With Cybersecurity

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy