The Stable channel has been updated to 121.0.6167.184 for Mac and Linux and 121.0.6167.184/185 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix.

https://issues.chromium.org/issues/325069765 references a high severity issue: https://issues.chromium.org/issues/41491976 which is not yet publicly visible, presumed to be the aforementioned security fix / vulnerability.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61c93d614f660f98585ab971f39a55b1e8435ecc

commit 61c93d614f660f98585ab971f39a55b1e8435ecc
Author: Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-02-14 13:08:49 +0000
Commit: Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-14 13:10:26 +0000

www-client/google-chrome: automated update (121.0.6167.184)

Bug: https://bugs.gentoo.org/924450
Signed-off-by: Matt Jolly <kangie@gentoo.org>

www-client/google-chrome/Manifest | 2 +-
...chrome-121.0.6167.160.ebuild => google-chrome-121.0.6167.184.ebuild} | 0
2 files changed, 1 insertion(+), 1 deletion(-)
I think we can safely assume remote passive compromise for this, updated whiteboard accordingly.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=332eb08481c089517b54359348e61e1848521799

commit 332eb08481c089517b54359348e61e1848521799
Author: Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-02-14 12:51:18 +0000
Commit: Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-14 15:14:40 +0000

www-client/chromium: add 121.0.6167.184

Includes a backport to fix plasma wayland cursors.

Bug: https://bugs.gentoo.org/924450
Closes: https://bugs.gentoo.org/922399
Signed-off-by: Matt Jolly <kangie@gentoo.org>

www-client/chromium/Manifest | 4 +
www-client/chromium/chromium-121.0.6167.184.ebuild | 1367 ++++++++++++++++++++
2 files changed, 1371 insertions(+)
Unable to identify minimum Edge version that includes a fix for this CVE. Nothing currently in-tree is vulnerable.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=309ab763e094d02598a970a50a7f0836699fd887

commit 309ab763e094d02598a970a50a7f0836699fd887
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 10:13:10 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 10:13:37 +0000

[ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/924450
Bug: https://bugs.gentoo.org/925161
Bug: https://bugs.gentoo.org/925666
Bug: https://bugs.gentoo.org/926230
Bug: https://bugs.gentoo.org/926869
Bug: https://bugs.gentoo.org/927312
Bug: https://bugs.gentoo.org/927928
Bug: https://bugs.gentoo.org/928462
Bug: https://bugs.gentoo.org/929112
Bug: https://bugs.gentoo.org/930124
Bug: https://bugs.gentoo.org/930647
Bug: https://bugs.gentoo.org/930994
Bug: https://bugs.gentoo.org/931548
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

glsa-202412-05.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 121 insertions(+)