ELBA-2024-20057

ELBA-2024-20057 - chromium Bug Fix update

Type: BUG
Severity: NA
Release Date: 2024-04-08

Description


[123.0.6312.58-1]
- update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS

[123.0.6312.46-1]
- update to 123.0.6312.46

[122.0.6261.128-1]
- upstream security release 122.0.6261.128
* High CVE-2024-2400: Use after free in Performance Manager

[122.0.6261.111-2]
- enable ppc64le build

[122.0.6261.111-1]
- upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM

[122.0.6261.94-1]
- upstream security release 122.0.6261.94
* High : Type Confusion in V8
- fixed bz#2265957, added correct platform in chromium user agent

[122.0.6261.69-3]
- Make building of chromedriver optional

[122.0.6261.69-2]
- Rebuilt for java-21-openjdk as system jdk

[122.0.6261.69-1]
- update to 122.0.6261.69
- fix build error on el8
- bz#2265039, built with -fwrapv for improved memory safety
- bz#2265043, built with -ftrivial-auto-var-init=zero for improved security and predictability

[122.0.6261.57-1]
- update to 122.0.6261.57
* High CVE-2024-1669: Out of bounds memory access in Blink
* High CVE-2024-1670: Use after free in Mojo
* Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
* Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
* Medium CVE-2024-1673: Use after free in Accessibility
* Medium CVE-2024-1674: Inappropriate implementation in Navigation
* Medium CVE-2024-1675: Insufficient policy enforcement in Download
* Low CVE-2024-1676: Inappropriate implementation in Navigation.

[122.0.6261.39-1]
- update to 122.0.6261.39

[121.0.6167.184-1]
- update to 121.0.6167.184

[121.0.6167.160-1]
- update to 121.0.6167.160
* High CVE-2024-1284: Use after free in Mojo
* High CVE-2024-1283: Heap buffer overflow in Skia

[121.0.6167.139-2]
- Support for 64K pages on Linux/AArch64

[121.0.6167.139-1]
- update to 121.0.6167.139
* High CVE-2024-1060: Use after free in Canvas
* High CVE-2024-1059: Use after free in WebRTC
* High CVE-2024-1077: Use after free in Network

[121.0.6167.85-1]
- update to 121.0.6167.85
* High CVE-2024-0807: Use after free in WebAudio
* High CVE-2024-0812: Inappropriate implementation in Accessibility
* High CVE-2024-0808: Integer underflow in WebUI
* Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
* Medium CVE-2024-0814: Incorrect security UI in Payments
* Medium CVE-2024-0813: Use after free in Reading Mode
* Medium CVE-2024-0806: Use after free in Passwords
* Medium CVE-2024-0805: Inappropriate implementation in Downloads
* Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* Low CVE-2024-0811: Inappropriate implementation in Extensions API
* Low CVE-2024-0809: Inappropriate implementation in Autofill

[121.0.6167.71-1]
- update to 121.0.6167.71

[120.0.6099.224-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

[120.0.6099.224-1]
- update to 120.0.6099.224
* High CVE-2024-0517: Out of bounds write in V8
* High CVE-2024-0518: Type Confusion in V8
* High CVE-2024-0519: Out of bounds memory access in V8

[120.0.6099.216-1]
- update to 120.0.6099.216
* High CVE-2024-0333: Insufficient data validation in Extensions

[120.0.6099.199-1]
- new gn update, drop workaround for broken gn on epel 8/9
- update to 120.0.6099.199
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU

[120.0.6099.129-1]
- update to 120.0.6099.129
* High CVE-2023-7024: Heap buffer overflow in WebRTC

[120.0.6099.109-1]
- update to 120.0.6099.109
* High CVE-2023-6702: Type Confusion in V8
* High CVE-2023-6703: Use after free in Blink
* High CVE-2023-6704: Use after free in libavif
* High CVE-2023-6705: Use after free in WebRTC
* High CVE-2023-6706: Use after free in FedCM
* Medium CVE-2023-6707: Use after free in CSS

[120.0.6099.71-1]
- update to 120.0.6099.71

[120.0.6099.62-2]
- drop unsupported ldflag which caused build failure

[120.0.6099.62-1]
- update to 120.0.6099.62
- fixed bz#2252874, built with control flow integrity (CFI) support

[120.0.6099.56-1]
- update to 120.0.6099.56
- enable qt6 UI backend

[119.0.6045.199-2]
- fixed bz#2242271, built with bundleminizip in fedora > 39
- fixed bz#2251884, built with fstack-protector-strong for improved security

[119.0.6045.199-1]
- update to 119.0.6045.199

[119.0.6045.159-2]
- fix ffmpeg conflicts

[119.0.6045.159-1]
- update to 119.0.6045.159, upstream security release
High CVE-2023-5997, use after free in Garbage Collection
High CVE-2023-6112, use after free in Navigation
- add Requires/Conflicts for ABI break in ffmpeg-free 6.0.1
- drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1
- fixed python3 SyntaxWarning: invalid escape sequence
- skip clang's patches for epel8 that now gets clang-16 update

[119.0.6045.123-2]
- fixed bz#2240127, Some h.264 mp4s do not play

[119.0.6045.123-1]
- update to 119.0.6045.123, include following security fixes:
high CVE-2023-5996: Use after free in WebAudio

[119.0.6045.105-2]
- enable debuginfo

[119.0.6045.105-1]
- update to 119.0.6045.105

[119.0.6045.59-1]
- update 119.0.6045.59

[118.0.5993.117-1]
- update to 118.0.5993.117

[118.0.5993.88-1]
- update to 118.0.5993.88
- cleanup the package dependencies

[118.0.5993.70-2]
- fix tab crash with SIGTRAP when using system ffmpeg

[118.0.5993.70-1]
- update to 118.0.5993.70
- CVE-2023-5218: Use after free in Site Isolation.
- CVE-2023-5487: Inappropriate implementation in Fullscreen.
- CVE-2023-5484: Inappropriate implementation in Navigation.
- CVE-2023-5475: Inappropriate implementation in DevTools.
- CVE-2023-5483: Inappropriate implementation in Intents.
- CVE-2023-5481: Inappropriate implementation in Downloads.
- CVE-2023-5476: Use after free in Blink History.
- CVE-2023-5474: Heap buffer overflow in PDF.
- CVE-2023-5479: Inappropriate implementation in Extensions API.
- CVE-2023-5485: Inappropriate implementation in Autofill.
- CVE-2023-5478: Inappropriate implementation in Autofill.
- CVE-2023-5477: Inappropriate implementation in Installer.
- CVE-2023-5486: Inappropriate implementation in Input.
- CVE-2023-5473: Use after free in Cast.

[118.0.5993.54-1]
- update to 118.0.5993.54
- drop use_gnome_keyring as it's removed by upstream

[117.0.5938.149-1]
- update to 117.0.5938.149
- fix CVE-2023-5346: Type Confusion in V8

[117.0.5938.132-2]
- add workaround for the crash on BTI capable system

[117.0.5938.132-1]
- update to 117.0.5938.132
- CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx.
- CVE-2023-5186, use after free in Passwords.
- CVE-2023-5187, use after free in Extensions.

[117.0.5938.92-2]
- backport upstream patch to fix memory leak

[117.0.5938.92-1]
- update to 117.0.5938.92

[117.0.5938.88-1]
- update to 117.0.5938.88

[117.0.5938.62-1]
- update to 117.0.5938.62

[116.0.5845.187-1]
- update to 116.0.5845.187

[116.0.5845.179-1]
- update to 116.0.5845.179

[116.0.5845.96-1]
- update to 116.0.5845.96

[115.0.5790.170-2]
- set use_all_cpus=1 for aarch64

[115.0.5790.170-1]
- update to 115.0.5790.170

[115.0.5790.110-1]
- update to 115.0.5790.110

[115.0.5790.102-1]
- update to 115.0.5790.102

[115.0.5790.98-1]
- update to 115.0.5790.98

[114.0.5735.198-1]
- update to 114.0.5735.198

[114.0.5735.133-1]
- update to 114.0.5735.133
- Enable AllowQt feature flag
- Fix Qt deps
- Fix Qt logical scale factor

[114.0.5735.106-1]
- update to 114.0.5735.106

[114.0.5735.45-1]
- update to 114.0.5735.45
- add qt6 linuxui backend
- backport: handle scale factor changes
- backport: fix font double_scaling

[113.0.5672.126-1]
- drop clang workaround for el8
- update to 113.0.5672.126

[113.0.5672.92-1]
- update to 113.0.5672.92

[113.0.5672.63-1]
- update to 113.0.5672.63

[112.0.5615.165-2]
- make --use-gl=egl default for x11/wayland
- enable WebUIDarkMode

[112.0.5615.165-1]
- update to 112.0.5615.165

[112.0.5615.121-2]
- fix vaapi issue on xwayland
- fix the build order, chrome_feed_response_metadata.pb.h file not found
- fix compiler flags and typo

[112.0.5615.121-1]
- update to 112.0.5615.121

[112.0.5615.49-1]
- update to 112.0.5615.49
- fix #2184142, Small fonts in menus

[111.0.5563.146-1]
- update to 111.0.5563.146

[111.0.5563.110-2]
- Fix ffmpeg note in README.fedora

[111.0.5563.110-1]
- update to 111.0.5563.110

[111.0.5563.64-2]
- Rebuild for ffmpeg 6.0

[111.0.5563.64-1]
- update to 111.0.5563.64

[111.0.5563.50-1]
- update to 111.0.5563.50
- system freetype on fedora > 36

[110.0.5481.177-1]
- update to 110.0.5481.177
- workaround for crash on aarch64, rhel8

[110.0.5481.100-3]
- Enable PipeWire screen sharing on RHEL8+

[110.0.5481.100-2]
- fixed bz#2036205, failed to load GLES library

[110.0.5481.100-1]
- update to 110.0.5481.100

[110.0.5481.77-2]
- fix #2071126, enable support V4L2 stateless decoders for aarch64 platform
- fix prefers-color-scheme
- drop snapshot_blob.bin, replace snapshot_blob.bin with v8_context_snapshot.bin
- move headless_lib*.pak to headless subpackage

[110.0.5481.77-1]
- update to 110.0.5481.77

[110.0.5481.61-1]
- update to 110.0.5481.61

[109.0.5414.119-2]
- Use ffmpeg decoders for h264 support

[109.0.5414.119-1]
- update to 109.0.5414.119

[109.0.5414.74-4]
- clean up

[109.0.5414.74-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

[109.0.5414.74-2]
- conditionalize system_build_flags
- cleaned up gn defines
- add BR on python3-importlib-metadata
- set correct toolchain gcc|clang
- fix FTBFS with gcc13

[109.0.5414.74-1]
- update to 109.0.5414.74

[108.0.5359.124-5]
- enable qt backend for el >= 9 and fedora >= 35
- drop i686
- conditional BR on java-1.8.0-openjdk-headless

[108.0.5359.124-4]
- vaapi support for wayland

[108.0.5359.124-3]
- build with system ffmpeg-free and system libaom
- fix widevine extension issue
- vaapi, disable UseChromeOSDirectVideoDecoder
- workaround for linking issue in clang <= 14

[108.0.5359.124-2]
- turn headless back on (chrome-remote-desktop will stay off, probably forever)

[108.0.5359.124-1]
- update to 108.0.5359.124
- switch to clang

[107.0.5304.121-1]
- update to 107.0.5304.121

[107.0.5304.110-1]
- update to 107.0.5304.110

[105.0.5195.125-2]
- apply upstream fix for wayland menu misplacement bug

[105.0.5195.125-1]
- update to 105.0.5195.125

[105.0.5195.52-1]
- update to 105.0.5195.52

[104.0.5112.101-1]
- update to 104.0.5112.101

[103.0.5060.114-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

[103.0.5060.114-1]
- update to 103.0.5060.114

[103.0.5060.53-1]
- update to 103.0.5060.53

[102.0.5005.115-2]
- fix minizip Requires for EL9

[102.0.5005.115-1]
- update to 102.0.5005.115

[102.0.5005.61-1]
- update to 102.0.5005.61

[101.0.4951.41-1]
- update to 101.0.4951.41

[100.0.4896.127-1]
- update to 100.0.4896.127

[100.0.4896.75-1]
- update to 100.0.4896.75

[100.0.4896.60-1]
- update to 100.0.4896.60

[99.0.4844.84-1]
- update to 99.0.4844.84
- package up libremoting_core.so* for chrome-remote-desktop
- strip all the .so files (and binaries)




Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | chromium-123.0.6312.58-1.el9.src.rpm | 11a9a50a6b22ced4b7b700f378407290 | - | ol9_aarch64_developer_EPEL |
| | chromedriver-123.0.6312.58-1.el9.aarch64.rpm | ab6d71b298b8a58e88bb3ffe81c5a0b7 | - | ol9_aarch64_developer_EPEL |
| | chromium-123.0.6312.58-1.el9.aarch64.rpm | 424c043f312beb8c9c485bbe868ba643 | - | ol9_aarch64_developer_EPEL |
| | chromium-common-123.0.6312.58-1.el9.aarch64.rpm | 7faad9c7b25528c585d6c1689607ecbb | - | ol9_aarch64_developer_EPEL |
| | chromium-headless-123.0.6312.58-1.el9.aarch64.rpm | b979a8b0771bd0730aeb611b64d87a24 | - | ol9_aarch64_developer_EPEL |
| Oracle Linux 9 (x86_64) | chromium-123.0.6312.58-1.el9.src.rpm | 11a9a50a6b22ced4b7b700f378407290 | - | ol9_x86_64_developer_EPEL |
| | chromedriver-123.0.6312.58-1.el9.x86_64.rpm | 8c4173db42d0af8c398beae7b796ff3c | - | ol9_x86_64_developer_EPEL |
| | chromium-123.0.6312.58-1.el9.x86_64.rpm | 5f5af3b538d42c959995a8b4576fac3e | - | ol9_x86_64_developer_EPEL |
| | chromium-common-123.0.6312.58-1.el9.x86_64.rpm | afda54190c152b93119abfd1b5e327bc | - | ol9_x86_64_developer_EPEL |
| | chromium-headless-123.0.6312.58-1.el9.x86_64.rpm | 9433b02de890ec43bb749a8c98c90bd2 | - | ol9_x86_64_developer_EPEL |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
