Lucene search

K
mageiaGentoo FoundationMGASA-2023-0322
HistoryNov 20, 2023 - 1:04 p.m.

Updated chromium-browser-stable packages fix bugs and vulnerabilities

2023-11-2013:04:11
Gentoo Foundation
advisories.mageia.org
47
chromium browser update
bug fix
vulnerability fix
security patches
usb validation
payment implementation
use after free
integer overflow
incorrect security ui
insufficient data validation
printing issue

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105; some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13 High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13 High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30 High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31 High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04 Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22 Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18 Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10 Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22 Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01 Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13 Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17 Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18 Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24 Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13

OSVersionArchitecturePackageVersionFilename
Mageia9noarchchromium-browser-stable< 119.0.6045.159-1chromium-browser-stable-119.0.6045.159-1.mga9.tainted

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%