{"id":"MGASA-2023-0283","summary":"Updated chromium-browser-stable package fixes bugs and vulnerabilities","details":"The chromium-browser-stable package has been updated to the 117.0.5938.92\nrelease, fixing bugs and 31 vulnerabilities, together with 117.0.5938.92,\n117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179.\n\nGoogle is aware that an exploit for CVE-2023-5217 exists in the wild.\n\nHigh CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx.\nReported by Clément Lecigne of Google's Threat Analysis Group on\n2023-09-25\n\nHigh CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car]\non 2023-09-05\n\nHigh CVE-2023-5187: Use after free in Extensions. Reported by\nThomas Orlita on 2023-08-25\n\nCritical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple\nSecurity Engineering and Architecture (SEAR) and The Citizen Lab at The\nUniversity of Torontoʼs Munk School on 2023-09-06\n\nMedium CVE-2023-4900: Inappropriate implementation in Custom Tabs.\nReported by Levit Nudi from Kenya on 2023-04-06\n\nMedium CVE-2023-4901: Inappropriate implementation in Prompts. Reported\nby Kang Ali on 2023-06-29\n\nMedium CVE-2023-4902: Inappropriate implementation in Input. Reported by\nAxel Chong on 2023-06-14\n\nMedium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.\nReported by Ahmed ElMasry on 2023-05-18\n\nMedium CVE-2023-4904: Insufficient policy enforcement in Downloads.\nReported by Tudor Enache @tudorhacks on 2023-06-09\n\nMedium CVE-2023-4905: Inappropriate implementation in Prompts. Reported\nby Hafiizh on 2023-04-29\n\nLow CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported\nby Ahmed ElMasry on 2023-05-30\n\nLow CVE-2023-4907: Inappropriate implementation in Intents. Reported by\nMohit Raj (shadow2639)  on 2023-07-04\n\nLow CVE-2023-4908: Inappropriate implementation in Picture in Picture.\nReported by Axel Chong on 2023-06-06\n\nLow CVE-2023-4909: Inappropriate implementation in Interstitials.\nReported by Axel Chong on 2023-07-09\n\nCritical CVE-2023-4863: Heap buffer overflow in WebP\n\nHigh CVE-2023-4761: Out of bounds memory access in FedCM. Reported by\nDarkNavy on 2023-08-28\n\nHigh CVE-2023-4762: Type Confusion in V8. Reported by anonymous on\n2023-08-16\n\nHigh CVE-2023-4763: Use after free in Networks. Reported by anonymous\non 2023-08-03\n\nHigh CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan\nKurniawan (sourc7) on 2023-05-20\n","modified":"2026-02-04T02:45:30.872555Z","published":"2023-10-03T10:53:29Z","related":["CVE-2023-4761","CVE-2023-4762","CVE-2023-4763","CVE-2023-4764","CVE-2023-4863","CVE-2023-4900","CVE-2023-4901","CVE-2023-4902","CVE-2023-4903","CVE-2023-4904","CVE-2023-4905","CVE-2023-4906","CVE-2023-4907","CVE-2023-4908","CVE-2023-4909","CVE-2023-5186","CVE-2023-5187","CVE-2023-5217"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0283.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32317"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_21.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_15.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"117.0.5938.132-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0283.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}