{"id":"MGASA-2024-0190","summary":"Updated chromium-browser-stable packages fix security vulnerabilities","details":"The chromium-browser-stable package has been updated to the\n125.0.6422.60 release. It includes 9 security fixes.\nPlease, do note, only x86_64 is supported from now on.\ni586 support for linux was stopped some years ago and the community is\nnot able to provide patches anymore for the latest Chromium code.\nSome of the security fixes are:\n* CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov\n(@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on 2024-05-13\n* High CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on\n2024-04-09\n* Medium CVE-2024-4949: Use after free in V8. Reported by Ganjiang\nZhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24\n* Low CVE-2024-4950: Inappropriate implementation in Downloads. Reported\nby Shaheen Fazim on 2023-06-06\nGoogle is aware that an exploit for CVE-2024-4947 exists in the wild.\n","modified":"2026-02-04T03:24:56.425289Z","published":"2024-05-21T23:17:20Z","related":["CVE-2024-4947","CVE-2024-4948","CVE-2024-4949","CVE-2024-4950"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0190.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33227"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"125.0.6422.60-1.1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0190.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}