INFESA-2024:0002: chromium gost security update (Important)
Information about definition
Identificator: INFESA-2024:0002
Type: security
Release date: 2024-09-03 17:03:18 UTC
Information about package
Chromium GOST is an open-source web browser what supported GOST TLS if proprietary CryptoPro is installed
Vulnerabilities description
- CVE-2024-8198
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8194
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8193
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7969
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-7969
|
no information | 8.8 | no information |
|
NIST — CVE-2024-8193
|
no information | 8.8 | no information |
|
NIST — CVE-2024-8194
|
no information | 7.5 | no information |
|
NIST — CVE-2024-8198
|
no information | 7.5 | no information |
Updated packages