This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$NA][1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25 [$TBD][1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05 [$2000][1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25
Please bump to 117.0.5938.132.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9a411b383662510e95d3336a39d35c40050839e commit c9a411b383662510e95d3336a39d35c40050839e Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2023-09-28 01:15:52 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-28 03:26:50 +0000 www-client/chromium: add 117.0.5938.132 Bug: https://bugs.gentoo.org/914871 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Signed-off-by: Sam James <sam@gentoo.org> www-client/chromium/Manifest | 2 + www-client/chromium/chromium-117.0.5938.132.ebuild | 1277 ++++++++++++++++++++ 2 files changed, 1279 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e33ebf94469ab30c5878d789081e6e8e6fcc732 commit 4e33ebf94469ab30c5878d789081e6e8e6fcc732 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-09-28 05:10:29 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-28 05:11:08 +0000 media-libs/libvpx: backport CVE-2023-5217 fix Bug: https://bugs.gentoo.org/914871 Bug: https://bugs.gentoo.org/914875 Closes: https://github.com/gentoo/gentoo/pull/33095 Signed-off-by: Sam James <sam@gentoo.org> ...-1.13.0-VP8-disallow-thread-count-changes.patch | 53 ++++++++ ...pi_test-add-ConfigResizeChangeThreadCount.patch | 94 +++++++++++++ media-libs/libvpx/libvpx-1.13.0-r1.ebuild | 145 +++++++++++++++++++++ 3 files changed, 292 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa commit 8064a0b694d29fb2fca491d65494098fb43c2ffa Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 15:39:13 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 15:39:35 +0000 [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/907999 Bug: https://bugs.gentoo.org/908471 Bug: https://bugs.gentoo.org/909283 Bug: https://bugs.gentoo.org/910522 Bug: https://bugs.gentoo.org/911675 Bug: https://bugs.gentoo.org/912364 Bug: https://bugs.gentoo.org/913016 Bug: https://bugs.gentoo.org/913710 Bug: https://bugs.gentoo.org/914350 Bug: https://bugs.gentoo.org/914871 Bug: https://bugs.gentoo.org/915137 Bug: https://bugs.gentoo.org/915560 Bug: https://bugs.gentoo.org/915961 Bug: https://bugs.gentoo.org/916252 Bug: https://bugs.gentoo.org/916620 Bug: https://bugs.gentoo.org/917021 Bug: https://bugs.gentoo.org/917357 Bug: https://bugs.gentoo.org/918882 Bug: https://bugs.gentoo.org/919321 Bug: https://bugs.gentoo.org/919802 Bug: https://bugs.gentoo.org/920442 Bug: https://bugs.gentoo.org/921337 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+)
