{"id":"MGASA-2023-0016","summary":"Updated chromium-browser-stable packages fix security vulnerability","details":"The chromium-browser-stable package has been updated to the 109.0.5414.74\nrelease, fixing 17 vulnerabilities.\n\nSome of the security fixes are -\n\nHigh CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil\nZhani on 2022-08-16\nHigh CVE-2023-0129 Heap buffer overflow in Network Service. Reported by\nasnine on 2022-11-07\nMedium CVE-2023-0130 Inappropriate implementation in Fullscreen API.\nReported by Hafiizh on 2022-09-30\nMedium CVE-2023-0131 Inappropriate implementation in iframe Sandbox.\nReported by NDevTK on 2022-08-28\nMedium CVE-2023-0132 Inappropriate implementation in Permission prompts.\nReported by Jasper Rebane (popstonia) on 2022-10-05\nMedium CVE-2023-0133 Inappropriate implementation in Permission prompts.\nReported by Alesandro Ortiz on 2022-10-17\nMedium CVE-2023-0134 Use after free in Cart. Reported by Chaoyuan Peng\n(@ret2happy) on 2022-11-17\nMedium CVE-2023-0135 Use after free in Cart. Reported by Chaoyuan Peng\n(@ret2happy) on 2022-11-18\nMedium CVE-2023-0136 Inappropriate implementation in Fullscreen API.\nReported by Axel Chong on 2022-08-26\nMedium CVE-2023-0137 Heap buffer overflow in Platform Apps. Reported by\navaue and Buff3tts at S.S.L. on 2022-12-10\nLow CVE-2023-0138 Heap buffer overflow in libphonenumber. Reported by\nMichael Dau on 2022-07-23\nLow CVE-2023-0139 Insufficient validation of untrusted input in Downloads.\nReported by Axel Chong on 2022-09-24\nLow CVE-2023-0140 Inappropriate implementation in File System API.\nReported by harrison.mitchell, cybercx.com.au  on 2022-05-18\nLow CVE-2023-0141 Insufficient policy enforcement in CORS. Reported by\nscarlet on 2022-09-12\n","modified":"2026-02-02T12:21:23.035428Z","published":"2023-01-24T07:58:25Z","related":["CVE-2023-0128","CVE-2023-0129","CVE-2023-0130","CVE-2023-0131","CVE-2023-0132","CVE-2023-0133","CVE-2023-0134","CVE-2023-0135","CVE-2023-0136","CVE-2023-0137","CVE-2023-0138","CVE-2023-0139","CVE-2023-0140","CVE-2023-0141"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0016.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31389"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html"},{"type":"REPORT","url":"https://www.androidpolice.com/google-chrome-109/"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"109.0.5414.74-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0016.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}