{"id":"MGASA-2024-0150","summary":"Updated chromium-browser-stable packages fix security vulnerabilities","details":"The chromium-browser-stable package has been updated to the\n124.0.6367.60 release. It includes 23 security fixes.\nPlease, do note, only x86_64 is supported from now on.\ni586 support for linux was stopped some years ago and the community is\nnot able to provide patches anymore for the latest Chromium code.\nSome of the security fixes are:\n* High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of\nGitHub Security Lab on 2024-03-27\n* High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man\nYue Mo of GitHub Security Lab on 2024-03-27\n* High CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee\n(@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21\n* High CVE-2024-3834: Use after free in Downloads. Reported by\nChaobinZhang on 2024-02-24\n* Medium CVE-2024-3837: Use after free in QUIC. Reported by {rotiple,\ndch3ck} of CW Research Inc. on 2024-01-15\n* Medium CVE-2024-3838: Inappropriate implementation in Autofill.\nReported by KiriminAja on 2024-03-06\n* Medium CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald\nCrane (Zippenhop LLC) on 2024-01-16\n* Medium CVE-2024-3840: Insufficient policy enforcement in Site\nIsolation. Reported by Ahmed ElMasry on 2024-01-22\n* Medium CVE-2024-3841: Insufficient data validation in Browser\nSwitcher. Reported by Oleg on 2024-03-19\n* Medium CVE-2024-3843: Insufficient data validation in Downloads.\nReported by Azur on 2023-12-24\n* Low CVE-2024-3844: Inappropriate implementation in Extensions.\nReported by Alesandro Ortiz on 2022-02-23\n* Low CVE-2024-3845: Inappropriate implementation in Network. Reported\nby Daniel Baulig on 2024-02-03\n* Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported\nby Ahmed ElMasry on 2023-05-23\n* Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported\nby Yan Zhu on 2024-03-08\n* High CVE-2024-3157: Out of bounds write in Compositing. Reported by\nDarkNavy on 2024-03-26\n* High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao\n(zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09\n* High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on\n2024-03-25\n","modified":"2026-02-04T02:47:16.735936Z","published":"2024-04-27T00:37:18Z","related":["CVE-2024-3157","CVE-2024-3515","CVE-2024-3516","CVE-2024-3832","CVE-2024-3833","CVE-2024-3834","CVE-2024-3837","CVE-2024-3838","CVE-2024-3839","CVE-2024-3840","CVE-2024-3841","CVE-2024-3843","CVE-2024-3844","CVE-2024-3845","CVE-2024-3846","CVE-2024-3847","CVE-2024-3914"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0150.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33137"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"124.0.6367.60-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0150.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}