The Stable channel has been updated to 127.0.6533.72 for Linux. Security Fixes and Rewards This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$11000][349198731] High CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25 [$8000][349342289] High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on 2024-06-25 [TBD][346618785] High CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz on 2024-06-12 [$8000][339686368] Medium CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10 [$6000][343938078] Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz on 2024-06-01 [$5000][333708039] Medium CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum) on 2024-04-10 [$3000][325293263] Medium CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15 [$2000][340098902] Medium CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13 [$2000][340893685] Medium CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-15 [$500][339877158] Medium CVE-2024-7000: Use after free in CSS. Reported by Anonymous on 2024-05-11 [TBD][347509736] Medium CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald on 2024-06-17 [$2000][338233148] Low CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-01 [TBD][40063014] Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10 [TBD][40068800] Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq on 2023-08-04
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f9d4cf285d2218114c73c9a879d1ce3c6e67ca3e commit f9d4cf285d2218114c73c9a879d1ce3c6e67ca3e Author: Matt Jolly <kangie@gentoo.org> AuthorDate: 2024-07-25 08:33:42 +0000 Commit: Matt Jolly <kangie@gentoo.org> CommitDate: 2024-07-25 12:56:48 +0000 www-client/chromium: add 127.0.6533.72 Drop llvm-r1 eclass for llvm-utils and our "llvm-r1_pkg_config at home". Chromium is one of the few builds that won't benefit from the default eclass behaviour and we don't currently need to worry about linking with llvm libc++. We'll leave much of the machinery in place an instead take advantage of llvm-utils to do the checks ourselves and try to enforce our own dependencies / sanity checks on rust too. Bug: https://bugs.gentoo.org/936611 Signed-off-by: Matt Jolly <kangie@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-127.0.6533.72.ebuild | 1427 +++++++++++++++++++++ 2 files changed, 1428 insertions(+)
