Hello Linux users,

Several severe security flaws were recently found in the Chromium open-source web browser project that is the basis of Chrome and many other widely used browsers. These bugs could make for a really bad day of browsing - granting attackers access to your network, enabling them to install harmful malware, steal sensitive data, and prevent Internet access. Can you imagine losing access to your critical Linux systems or having your data end up in the hands of a threat actor? 

Find out more about what happens when your Linux box is compromised through these flaws! I'll explain:

  • These recent Chromium bugs and their impact.
  • How to determine if you are affected. 
  • How to update Chrome to mitigate your risk.

Read on to learn about another critical flaw in the Linux kernel's dmam_free_coherent() function that could result in data theft and service disruption, among other damaging repercussions.

If you found value in today’s newsletter, please share it with your friends! Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate, insightful community members who share our love for Linux and security!

Stay safe out there,

Brittany

Chromium

The Discovery 

Several severe security flaws were recently found in Chromium, the open-source web browser project that is the basis of Chrome and many other widely used browsers. The most significant of these, CVE-2024-7532, involves out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine). Considered critical, this bug could enable attackers to execute arbitrary code and cause system crashes.

The Impact

These bugs could enable attackers to access your network, steal sensitive data, install malware, and disrupt services.

The Fix

Distros have released important Chromium bug fixes to mitigate these vulnerabilities. We urge you to promptly apply these updates to secure your network, systems, and data.

Linux Kernel

The Discovery 

A new security bug, CVE-2024-43856, has been found in the Linux kernel's dmam_free_coherent() function. Direct Memory Access (DMA) is an integral feature that enables hardware devices to transfer data directly to and from system memory without going through the CPU. However, if this process becomes compromised, as with this recent flaw, it could lead to incorrect memory access, data corruption, unexpected behavior, or system crashes.

The Impact

This vulnerability could result in data theft and service disruption, among other damaging repercussions.

The Fix

Patches have been released to fix this critical issue. Admins should implement the updates released by their distros immediately to protect their sensitive data and maintain system access. 
