See https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html. This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$20000][1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07 [$10000][1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22 [$5000][1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01
Please bump to 114.0.5735.198.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62c83482a1026387a5d2332ba9162227b3264d54 commit 62c83482a1026387a5d2332ba9162227b3264d54 Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2023-06-30 06:48:44 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2023-06-30 13:11:00 +0000 www-client/chromium: add 114.0.5735.198 Bug: https://bugs.gentoo.org/909283 Closes: https://bugs.gentoo.org/909055 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-114.0.5735.198.ebuild | 1270 ++++++++++++++++++++ .../files/chromium-114-remove-evdev-dep.patch | 35 + 3 files changed, 1306 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b8c7fa7150b58358beb0f04e2276470972ea6bd commit 0b8c7fa7150b58358beb0f04e2276470972ea6bd Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2023-07-18 10:56:04 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2023-07-18 10:56:04 +0000 www-client/chromium: drop 114.0.5735.133 Bug: https://bugs.gentoo.org/909283 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 - www-client/chromium/chromium-114.0.5735.133.ebuild | 1269 -------------------- 2 files changed, 1270 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa commit 8064a0b694d29fb2fca491d65494098fb43c2ffa Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 15:39:13 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 15:39:35 +0000 [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/907999 Bug: https://bugs.gentoo.org/908471 Bug: https://bugs.gentoo.org/909283 Bug: https://bugs.gentoo.org/910522 Bug: https://bugs.gentoo.org/911675 Bug: https://bugs.gentoo.org/912364 Bug: https://bugs.gentoo.org/913016 Bug: https://bugs.gentoo.org/913710 Bug: https://bugs.gentoo.org/914350 Bug: https://bugs.gentoo.org/914871 Bug: https://bugs.gentoo.org/915137 Bug: https://bugs.gentoo.org/915560 Bug: https://bugs.gentoo.org/915961 Bug: https://bugs.gentoo.org/916252 Bug: https://bugs.gentoo.org/916620 Bug: https://bugs.gentoo.org/917021 Bug: https://bugs.gentoo.org/917357 Bug: https://bugs.gentoo.org/918882 Bug: https://bugs.gentoo.org/919321 Bug: https://bugs.gentoo.org/919802 Bug: https://bugs.gentoo.org/920442 Bug: https://bugs.gentoo.org/921337 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+)
