- update to 121.0.6167.139

* High CVE-2024-1060: Use after free in Canvas
  * High CVE-2024-1059: Use after free in WebRTC
  * High CVE-2024-1077: Use after free in Network

chromium.spec

@@ -285,7 +285,7 @@
 %endif
 
 Name:	chromium%{chromium_channel}
-Version: 121.0.6167.85
+Version: 121.0.6167.139
 Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@@ -1796,6 +1796,12 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %{chromium_path}/chromedriver
 
 %changelog
+* Wed Jan 31 2024 Than Ngo <than@redhat.com> - 121.0.6167.139-1
+- update to 121.0.6167.139
+  * High CVE-2024-1060: Use after free in Canvas
+  * High CVE-2024-1059: Use after free in WebRTC
+  * High CVE-2024-1077: Use after free in Network
+
 * Wed Jan 24 2024 Than Ngo <than@redhat.com> - 121.0.6167.85-1
 - update to 121.0.6167.85
   * High CVE-2024-0807: Use after free in WebAudio

sources

@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-121.0.6167.85-clean.tar.xz) = 9c5a45a51c97d262db0d5a016e2c0432d00465eca1d842cecec0855b8c78afd070b38fff30fd10e14a27a16a52a820175b1098f977ce4fdf2e3e633e5ce7fb49
+SHA512 (chromium-121.0.6167.139-clean.tar.xz) = a486a6a96f7af0bfb7412f2d07855d76177fc5b84a90ddf2dbdda253652bafeb5102a3a49d1e6ccff0fef17e54f95f815039cf0ca33bdfcf2ab4fe84c0593427