{"id":"MGASA-2024-0109","summary":"Updated chromium-browser-stable packages fix security vulnerabilities","details":"The chromium-browser-stable package has been updated to the\n123.0.6312.105 release.\nSince the last update 120.0.6099.224, 66 vulnerabilities are fixed,\nincluding:\nHigh CVE-2024-3156: Inappropriate implementation in V8. Reported by\nZhenghang Xiao (@Kipreyyy) on 2024-03-12\nHigh CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish\non 2024-03-17\nHigh CVE-2024-3159: Out of bounds memory access in V8. Reported by\nEdouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks,\nvia Pwn2Own 2024 on 2024-03-22\nMore information are available following the links listed as references.\nPlease, do note, only x86_64 is supported from now on.\ni586 support for linux was stopped some years ago and the community is\nnot able to provide patches anymore for the latest Chromium code.\n","modified":"2026-04-16T00:10:18.090995426Z","published":"2024-04-05T18:24:25Z","upstream":["CVE-2024-3156","CVE-2024-3158","CVE-2024-3159"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0109.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33056"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33032"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_22.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html"},{"type":"WEB","url":"https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"123.0.6312.105-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0109.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}