Fedora Linux 8485 Published by

An updated chromium package is available for Fedora Linux 39:

Fedora 39 Update: chromium-120.0.6099.199-1.fc39




Fedora 39 Update: chromium-120.0.6099.199-1.fc39


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-210776b8c7
2024-01-05 01:07:03.434431
--------------------------------------------------------------------------------

Name : chromium
Product : Fedora 39
Version : 120.0.6099.199
Release : 1.fc39
URL : http://www.chromium.org/Home
Summary : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 120.0.6099.199 - CVE-2023-6879 aom: heap-buffer-overflow on frame
size change - CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz -
CVE-2024-0222: Use after free in ANGLE - CVE-2024-0223: Heap buffer overflow in
ANGLE - CVE-2024-0224: Use after free in WebAudio - CVE-2024-0225: Use after
free in WebGPU
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 4 2024 Than Ngo [than@redhat.com] - 120.0.6099.199-1
- new gn update, drop workaround for broken gn on epel 8/9
- update to 120.0.6099.199
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2256057 - CVE-2023-6879 chromium: aom: heap-buffer-overflow on frame size change [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2256057
[ 2 ] Bug #2256199 - CVE-2023-7104 chromium: sqlite: heap-buffer-overflow at sessionfuzz [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2256199
[ 3 ] Bug #2256796 - CVE-2024-0222 chromium: Use after free in ANGLE, compromised the renderer process to potentially exploit heap corruption via a crafted HTML page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2256796
[ 4 ] Bug #2256803 - CVE-2024-0223 chromium: heap corruption via a crafted HTML page in angle [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2256803
[ 5 ] Bug #2256809 - CVE-2024-0224 chromium: heap corruption via a crafted HTML page in webaudio [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2256809
[ 6 ] Bug #2256815 - CVE-2024-0225 chromium: heap corruption via a crafted HTML page in webgpu [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2256815
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-210776b8c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--