{"id":"MGASA-2024-0230","summary":"Updated chromium-browser-stable packages fix security vulnerabilities","details":"The chromium-browser-stable package has been updated to the\n126.0.6478.61 release. It includes 21 security fixes.\nSome of them are:\n* High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of\nGitHub Security Lab on 2024-05-24\n* High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on\n2024-05-07\n* High CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz on\n2024-05-13\n* High CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel on\n2024-05-24\n* High CVE-2024-5834: Inappropriate implementation in Dawn. Reported by\ngelatin dessert on 2024-05-26\n* High CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by\nWeipeng Jiang (@Krace) of VRI on 2024-05-22\n* High CVE-2024-5836: Inappropriate Implementation in DevTools. Reported\nby Allen Ding on 2024-05-21\n* High CVE-2024-5837: Type Confusion in V8. Reported by Anonymous on\n2024-05-23\n* High CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao\n(@Kipreyyy) on 2024-05-24\n* Medium CVE-2024-5839: Inappropriate Implementation in Memory\nAllocator. Reported by Micky on 2024-05-13\n* Medium CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard\non 2024-01-17\n* Medium CVE-2024-5841: Use after free in V8. Reported by Cassidy\nKim(@cassidy6564) on 2024-02-26\n* Medium CVE-2024-5842: Use after free in Browser UI. Reported by Sven\nDysthe (@svn_dy) on 2023-01-12\n* Medium CVE-2024-5843: Inappropriate implementation in Downloads.\nReported by hjy79425575 on 2024-04-12\n* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by\nSri on 2024-04-01\n* Medium CVE-2024-5845: Use after free in Audio. Reported by anonymous\non 2024-05-13\n* Medium CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng\n(HexHive) on 2024-05-16\n* Medium CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng\n(HexHive) on 2024-05-18\nPlease, do note, only x86_64 is supported since some versions ago.\ni586 support for linux was stopped some years ago and the community is\nnot able to provide patches anymore for the latest Chromium code.\n","modified":"2026-02-01T13:47:16.721102Z","published":"2024-06-20T17:46:05Z","related":["CVE-2024-5830","CVE-2024-5831","CVE-2024-5832","CVE-2024-5833","CVE-2024-5834","CVE-2024-5835","CVE-2024-5836","CVE-2024-5837","CVE-2024-5838","CVE-2024-5839","CVE-2024-5840","CVE-2024-5841","CVE-2024-5842","CVE-2024-5843","CVE-2024-5844","CVE-2024-5845","CVE-2024-5846","CVE-2024-5847"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0230.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33308"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_13.html"},{"type":"REPORT","url":"https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html"}],"affected":[{"package":{"name":"chromium-browser-stable","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/chromium-browser-stable?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"126.0.6478.61-1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0230.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}