939217 – (CVE-2024-7970, CVE-2024-8362) <www-client/chromium-128.0.6613.119, <www-client/google-chrome-128.0.6613.119, <www-client/microsoft-edge-128.0.2739.63, <www-client/opera-114.0.5282.21: Multiple vulnerabilities

Bug 939217 (CVE-2024-7970, CVE-2024-8362) - <www-client/chromium-128.0.6613.119, <www-client/google-chrome-128.0.6613.119, <www-client/microsoft-edge-128.0.2739.63, <www-client/opera-114.0.5282.21: Multiple vulnerabilities

Summary: <www-client/chromium-128.0.6613.119, <www-client/google-chrome-128.0.6613.119...

Status:	CONFIRMED

Alias:	CVE-2024-7970, CVE-2024-8362

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:
Keywords:

Depends on:	939281
Blocks:
	Show dependency tree

Reported:	2024-09-07 08:11 UTC by Matt Jolly
Modified:	2024-10-08 14:58 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Jolly gentoo-dev

2024-09-07 08:11:36 UTC

Stable Channel update for Desktop
Monday, September 2, 2024

The Stable channel has been updated to 128.0.6613.119/.120 for Windows, Mac and 128.0.6613.119 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

The Extended Stable channel has been updated to 128.0.6613.120 for Windows and Mac which will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][357391257] High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-08-05

[TBD][358485426] High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-08-09

Comment 1 Larry the Git Cow gentoo-dev

2024-09-07 11:28:33 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d49e871821ac0f8f37ee4f193752a994bb2d8857

commit d49e871821ac0f8f37ee4f193752a994bb2d8857
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-07 11:26:32 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-07 11:28:14 +0000

    www-client/chromium: add 128.0.6613.119
    
    Bug: https://bugs.gentoo.org/939217
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-128.0.6613.119.ebuild | 1452 ++++++++++++++++++++
 2 files changed, 1453 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4577a562d4ce240f79a21dc28a376513226c5c67

commit 4577a562d4ce240f79a21dc28a376513226c5c67
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-07 08:14:52 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-07 11:28:10 +0000

    www-client/google-chrome: automated update (128.0.6613.119)
    
    Bug: https://bugs.gentoo.org/939217
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...chrome-128.0.6613.113.ebuild => google-chrome-128.0.6613.119.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)