919802 – (CVE-2023-6702, CVE-2023-6703, CVE-2023-6704, CVE-2023-6705, CVE-2023-6706, CVE-2023-6707) <www-client/{chromium,google-chrome}-120.0.6099.109 <www-client/microsoft-edge-120.0.2210.77: Multiple vulnerabilities

Bug 919802 (CVE-2023-6702, CVE-2023-6703, CVE-2023-6704, CVE-2023-6705, CVE-2023-6706, CVE-2023-6707) - <www-client/{chromium,google-chrome}-120.0.6099.109 <www-client/microsoft-edge-120.0.2210.77: Multiple vulnerabilities

Summary: <www-client/{chromium,google-chrome}-120.0.6099.109 <www-client/microsoft-edg...

Status:	RESOLVED FIXED

Alias:	CVE-2023-6702, CVE-2023-6703, CVE-2023-6704, CVE-2023-6705, CVE-2023-6706, CVE-2023-6707

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	B2 [glsa+]
Keywords:

Depends on:	919804 922189
Blocks:
	Show dependency tree

Reported:	2023-12-13 03:23 UTC by Sam James
Modified:	2024-01-31 15:45 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-12-13 03:23:44 UTC

This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$16000][1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10

[$7000][1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14

[$7000][1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23

[$7000][1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28

[$6000][1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09

[$7000][1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21

Comment 1 Sam James archtester

2023-12-13 03:24:44 UTC

Please bump to 120.0.6099.109.

Comment 2 Larry the Git Cow gentoo-dev

2023-12-13 04:54:26 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65aacc768a3e7ee4f33c09605a65bde919406187

commit 65aacc768a3e7ee4f33c09605a65bde919406187
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-12-13 02:27:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-13 04:53:37 +0000

    www-plugins/chrome-binary-plugins: automated update (120.0.6099.109)
    
    Bug: https://bugs.gentoo.org/919802
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-plugins/chrome-binary-plugins/Manifest                              | 2 +-
 ...120.0.6099.71.ebuild => chrome-binary-plugins-120.0.6099.109.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31c54f4925e2a8a56dfcf4c365f6ffa50d4683f7

commit 31c54f4925e2a8a56dfcf4c365f6ffa50d4683f7
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-12-13 02:27:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-13 04:53:37 +0000

    www-client/google-chrome: automated update (120.0.6099.109)
    
    Bug: https://bugs.gentoo.org/919802
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-120.0.6099.71.ebuild => google-chrome-120.0.6099.109.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2165d2f3002751c99287105c0f38904107839011

commit 2165d2f3002751c99287105c0f38904107839011
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-12-13 02:26:19 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-13 04:53:36 +0000

    www-client/chromium: add 120.0.6099.109
    
    Bug: https://bugs.gentoo.org/919802
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-120.0.6099.109.ebuild | 1269 ++++++++++++++++++++
 2 files changed, 1271 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-01-31 15:39:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)