CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.3%
The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31 High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21 Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08 Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04 Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24 High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qiβanxin Group on 2023-11-10 High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14 High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23 High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28 High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09 Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21 High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by ClΓ©ment Lecigne and Vlad Stolyarov of Googleβs Threat Analysis Group on 2023-12-19 Google is aware that an exploit for CVE-2023-7024 exists in the wild.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 9 | noarch | chromium-browser-stable | <Β 120.0.6099.129-2 | chromium-browser-stable-120.0.6099.129-2.mga9.tainted |
bugs.mageia.org/show_bug.cgi?id=32612
chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_6.html
www.aboutchromebooks.com/news/heres-whats-in-the-now-available-google-chrome-120-release/
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
80.3%