{"id":"MGASA-2023-0289","summary":"Updated chromium-browser-stable packages fix bugs and vulnerabilities","details":"The chromium-browser-stable package has been updated to the\n118.0.5993.70 release, fixing 20 bugs and vulnerabilities.\n\nSome of the security fixes are:\n\nCritical CVE-2023-5218: Use after free in Site Isolation. Reported by\n@18 on 2023-09-27\n\nMedium CVE-2023-5487: Inappropriate implementation in Fullscreen.\nReported by Anonymous on 2020-03-17\n\nMedium CVE-2023-5484: Inappropriate implementation in Navigation.\nReported by Thomas Orlita on 2023-02-11\n\nMedium CVE-2023-5475: Inappropriate implementation in DevTools. Reported\nby Axel Chong on 2023-08-30\n\nMedium CVE-2023-5483: Inappropriate implementation in Intents. Reported\nby Axel Chong on 2023-03-17\n\nMedium CVE-2023-5481: Inappropriate implementation in Downloads.\nReported by Om Apip on 2023-06-28\n\nMedium CVE-2023-5476: Use after free in Blink History. Reported by\nYunqin Sun on 2023-08-20\n\nMedium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car]\non 2023-09-15\n\nMedium CVE-2023-5479: Inappropriate implementation in Extensions API.\nReported by Axel Chong on 2023-08-09\n\nLow CVE-2023-5485: Inappropriate implementation in Autofill. Reported by\nAhmed ElMasry on 2022-12-02\n\nLow CVE-2023-5478: Inappropriate implementation in Autofill. Reported by\nAhmed ElMasry on 2023-08-12\n\nLow CVE-2023-5477: Inappropriate implementation in Installer. Reported\nby Bahaa Naamneh of Crosspoint Labs on 2023-08-13\n\nLow CVE-2023-5486: Inappropriate implementation in Input. Reported by\nHafiizh on 2022-08-29\n\nLow CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on\n2023-09-18\n\nNote: Access to bug details and links may be kept restricted until a\nmajority of users are updated with a fix. We will also retain\nrestrictions if the bug exists in a third party library that other\nprojects similarly depend on, but haven’t yet fixed.\n","modified":"2026-01-30T08:39:16.929735Z","published":"2023-10-19T16:11:51Z","related":["CVE-2023-5218","CVE-2023-5473","CVE-2023-5474","CVE-2023-5475","CVE-2023-5476","CVE-2023-5477","CVE-2023-5478","CVE-2023-5479","CVE-2023-5481","CVE-2023-5483","CVE-2023-5484","CVE-2023-5485","CVE-2023-5486","CVE-2023-5487"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0289.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32381"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"118.0.5993.70-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0289.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}