MGASA-2023-0090 - Updated chromium-browser-stable packages fix security vulnerability

Publication date: 11 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0090.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-1213,
     CVE-2023-1214,
     CVE-2023-1215,
     CVE-2023-1216,
     CVE-2023-1217,
     CVE-2023-1218,
     CVE-2023-1219,
     CVE-2023-1220,
     CVE-2023-1221,
     CVE-2023-1222,
     CVE-2023-1223,
     CVE-2023-1224,
     CVE-2023-1225,
     CVE-2023-1226,
     CVE-2023-1227,
     CVE-2023-1228,
     CVE-2023-1229,
     CVE-2023-1230,
     CVE-2023-1231,
     CVE-2023-1232,
     CVE-2023-1233,
     CVE-2023-1234,
     CVE-2023-1235,
     CVE-2023-1236

High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun
Jeong(@n3sk) of Theori on 2023-01-30

High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub
Security Lab on 2023-02-03

High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on
2023-02-17

High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang
Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21

High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by
sunburst of Ant Group Tianqiong Security Lab on 2023-02-03

High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on
2023-02-07

High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei
Glazunov of Google Project Zero on 2023-02-13

High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei
Glazunov of Google Project Zero on 2023-02-17

Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API.
Reported by Ahmed ElMasry on 2022-11-16

Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by
Cassidy Kim(@cassidy6564) on 2022-12-24

Medium CVE-2023-1223: Insufficient policy enforcement in Autofill.
Reported by Ahmed ElMasry on 2022-12-07

Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API.
Reported by Thomas Orlita on 2022-12-25

Medium CVE-2023-1225: Insufficient policy enforcement in Navigation.
Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20

Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API.
Reported by Anonymous on 2019-10-10

Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on
2022-07-31

Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported
by Axel Chong on 2022-09-18

Medium CVE-2023-1229: Inappropriate implementation in Permission prompts.
Reported by Thomas Orlita on 2020-12-20

Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs.
Reported by Axel Chong on 2022-12-30

Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported
by Yan Zhu, Brave on 2021-11-30

Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing.
Reported by Sohom Datta on 2022-07-24

Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing.
Reported by Soroush Karami on 2020-01-25

Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by
Axel Chong on 2023-01-03

Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at
KunLun lab on 2023-01-03

Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by
Alesandro Ortiz on 2022-10-14

References:
- https://bugs.mageia.org/show_bug.cgi?id=31645
- https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
- https://www.howtogeek.com/877321/whats-new-in-chrome-111/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1213
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1214
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1215
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1216
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1217
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1218
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1219
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1220
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1221
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1222
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1223
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1224
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1225
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1227
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1229
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1230
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1231
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1232
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1235
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1236

SRPMS:
- 8/core/chromium-browser-stable-111.0.5563.64-1.mga8

Mageia 2023-0090: chromium-browser-stable security update

High CVE-2023-1213: Use after free in Swiftshader

Summary

High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14

References

- https://bugs.mageia.org/show_bug.cgi?id=31645

- https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html

- https://www.howtogeek.com/877321/whats-new-in-chrome-111/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1213

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1214

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1215

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1216

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1217

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1218

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1219

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1220

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1221

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1222

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1223

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1224

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1225

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1226

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1227

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1228

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1229

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1230

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1231

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1232

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1233

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1235

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1236

Resolution

MGASA-2023-0090 - Updated chromium-browser-stable packages fix security vulnerability

SRPMS

- 8/core/chromium-browser-stable-111.0.5563.64-1.mga8

Severity

Publication date: 11 Mar 2023

URL: https://advisories.mageia.org/MGASA-2023-0090.html

Type: security

CVE: CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1217, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1223, CVE-2023-1224, CVE-2023-1225, CVE-2023-1226, CVE-2023-1227, CVE-2023-1228, CVE-2023-1229, CVE-2023-1230, CVE-2023-1231, CVE-2023-1232, CVE-2023-1233, CVE-2023-1234, CVE-2023-1235, CVE-2023-1236

What Are You Looking For?

Popular Tags

Mageia 2023-0090: chromium-browser-stable security update

Summary

References

Resolution

SRPMS

Critical RCE Vulnerability Discovered in ClamAV Open Source Antivirus Software

Government Issues ‘High’ Severity Security Alert for THESE Google Users

Critical Local Privilege Escalation Vulnerability in Linux kernel. Patch immediately

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More

Verifying Linux Server Security: What Every Admin Needs to Know

What Linux, Windows & Mac OS Users Need to Know About VPNs

Complete Guide to Vulnerability Basics

How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

What Are You Looking For?

Popular Tags

Mageia 2023-0090: chromium-browser-stable security update

Summary

References

Resolution

SRPMS

Get the Latest News & Insights

Related News

News

Advisories

HOWTOs

Features

About Us

Powered By