Category Archives: Advisories

chromium-126.0.6478.55-1.el7

Read Time:54 Second

FEDORA-EPEL-2024-772a5fa32d

Packages in this update:

chromium-126.0.6478.55-1.el7

Update description:

update to 126.0.6478.55

* High CVE-2024-5830: Type Confusion in V8
* High CVE-2024-5831: Use after free in Dawn
* High CVE-2024-5832: Use after free in Dawn
* High CVE-2024-5833: Type Confusion in V8
* High CVE-2024-5834: Inappropriate implementation in Dawn
* High CVE-2024-5835: Heap buffer overflow in Tab Groups
* High CVE-2024-5836: Inappropriate Implementation in DevTools
* High CVE-2024-5837: Type Confusion in V8
* High CVE-2024-5838: Type Confusion in V8
* Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* Medium CVE-2024-5840: Policy Bypass in CORS
* Medium CVE-2024-5841: Use after free in V8
* Medium CVE-2024-5842: Use after free in Browser UI
* Medium CVE-2024-5843: Inappropriate implementation in Downloads
* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
* Medium CVE-2024-5845: Use after free in Audio
* Medium CVE-2024-5846: Use after free in PDFium
* Medium CVE-2024-5847: Use after free in PDFium

Read More

chromium-126.0.6478.55-1.el8

Read Time:54 Second

FEDORA-EPEL-2024-6062617208

Packages in this update:

chromium-126.0.6478.55-1.el8

Update description:

update to 126.0.6478.55

* High CVE-2024-5830: Type Confusion in V8
* High CVE-2024-5831: Use after free in Dawn
* High CVE-2024-5832: Use after free in Dawn
* High CVE-2024-5833: Type Confusion in V8
* High CVE-2024-5834: Inappropriate implementation in Dawn
* High CVE-2024-5835: Heap buffer overflow in Tab Groups
* High CVE-2024-5836: Inappropriate Implementation in DevTools
* High CVE-2024-5837: Type Confusion in V8
* High CVE-2024-5838: Type Confusion in V8
* Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* Medium CVE-2024-5840: Policy Bypass in CORS
* Medium CVE-2024-5841: Use after free in V8
* Medium CVE-2024-5842: Use after free in Browser UI
* Medium CVE-2024-5843: Inappropriate implementation in Downloads
* Medium CVE-2024-5844: Heap buffer overflow in Tab Strip
* Medium CVE-2024-5845: Use after free in Audio
* Medium CVE-2024-5846: Use after free in PDFium
* Medium CVE-2024-5847: Use after free in PDFium

Read More

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

ZDI-24-607: (Pwn2Own) Microsoft Windows mskssrv Driver Use-After-Free Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30089.

Read More

ZDI-24-606: (Pwn2Own) Microsoft Windows NtQueryInformationToken Race Condition Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30088.

Read More

ZDI-24-605: (Pwn2Own) Microsoft Windows win32kfull Improper Input Validation Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30087.

Read More

ZDI-24-604: (Pwn2Own) Microsoft Windows UnserializePropertySet Privilege Context Switching Error Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-35250.

Read More