Bug 936247 (CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779) - <www-client/chromium-126.0.6478.182, <www-client/google-chrome-126.0.6478.182, <www-client/microsoft-edge-126.0.2592.113, <www-client/opera-112.0.5197.53: Multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard:
Keywords:
Depends on: 936248
Blocks:
Reported: 2024-07-18 10:02 UTC by Matt Jolly
Modified: 2024-10-08 15:03 UTC

See Also:
Package list:
Runtime testing required: ---


Description Matt Jolly gentoo-dev 2024-07-18 10:02:49 UTC
The Stable channel has been updated to 126.0.6478.182 for Linux.

Security Fixes and Rewards

This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][346597059] High CVE-2024-6772: Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-06-12

[$7000][347724915] High CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo on 2024-06-17

[$6000][346898524] High CVE-2024-6774: Use after free in Screen Capture. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-13

[$5000][347373236] High CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous on 2024-06-15

[$4000][346692546] High CVE-2024-6776: Use after free in Audio. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-12

[$2500][345640549] High CVE-2024-6777: Use after free in Navigation. Reported by Sven Dysthe (@svn-dys) on 2024-06-07

[TBD][341136300] High CVE-2024-6778: Race in DevTools. Reported by Allen Ding on 2024-05-16

[TBD][351327767] High CVE-2024-6779: Out of bounds memory access in V8. Reported by Seunghyun Lee (@0x10n) on 2024-07-06
Comment 1 Larry the Git Cow gentoo-dev 2024-07-18 10:04:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83c8551c975149de369a680810d476fba8a18b75

commit 83c8551c975149de369a680810d476fba8a18b75
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-07-18 06:34:30 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-07-18 10:03:02 +0000

    www-client/chromium: add 126.0.6478.182
    
    Bug: https://bugs.gentoo.org/936247
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-126.0.6478.182.ebuild | 1452 ++++++++++++++++++++
 2 files changed, 1454 insertions(+)