Test ID:	1.3.6.1.4.1.25623.1.1.10.2023.0322
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2023-0322)
Summary:	The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2023-0322 advisory.
Description:	Summary: The remote host is missing an update for the 'chromium-browser-stable' package(s) announced via the MGASA-2023-0322 advisory. Vulnerability Insight: The chromium-browser-stable package has been updated to the 119.0.6045.159 release, fixing bugs and 15 vulnerabilities, together with 119.0.6045.123 and 119.0.6045.105, some of them are listed below: High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14 High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13 High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13 High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30 High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31 High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04 Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22 Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18 Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10 Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22 Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01 Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13 Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17 Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18 Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24 Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13 Affected Software/OS: 'chromium-browser-stable' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-5480 Debian Security Information: DSA-5546 (Google Search) https://www.debian.org/security/2023/dsa-5546 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/ https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://crbug.com/1492698 Common Vulnerability Exposure (CVE) ID: CVE-2023-5482 https://crbug.com/1492381 Common Vulnerability Exposure (CVE) ID: CVE-2023-5849 https://crbug.com/1492384 Common Vulnerability Exposure (CVE) ID: CVE-2023-5850 https://crbug.com/1281972 Common Vulnerability Exposure (CVE) ID: CVE-2023-5851 https://crbug.com/1473957 Common Vulnerability Exposure (CVE) ID: CVE-2023-5852 https://crbug.com/1480852 Common Vulnerability Exposure (CVE) ID: CVE-2023-5853 https://crbug.com/1456876 Common Vulnerability Exposure (CVE) ID: CVE-2023-5854 https://crbug.com/1488267 Common Vulnerability Exposure (CVE) ID: CVE-2023-5855 https://crbug.com/1492396 Common Vulnerability Exposure (CVE) ID: CVE-2023-5856 https://crbug.com/1493380 Common Vulnerability Exposure (CVE) ID: CVE-2023-5857 https://crbug.com/1493435 Common Vulnerability Exposure (CVE) ID: CVE-2023-5858 https://crbug.com/1457704 Common Vulnerability Exposure (CVE) ID: CVE-2023-5996 Debian Security Information: DSA-5551 (Google Search) https://www.debian.org/security/2023/dsa-5551 https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html https://crbug.com/1497859 Common Vulnerability Exposure (CVE) ID: CVE-2023-5997 Debian Security Information: DSA-5556 (Google Search) https://www.debian.org/security/2023/dsa-5556 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/ https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html https://crbug.com/1497997 Common Vulnerability Exposure (CVE) ID: CVE-2023-6112 http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html https://crbug.com/1499298
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.