941989 – (CVE-2024-10229, CVE-2024-10230, CVE-2024-10231) www-client/chromium, <www-client/google-chrome-130.0.6723.69, www-client/microsoft-edge, www-client/opera: Multiple vulnerabilities

Bug 941989 (CVE-2024-10229, CVE-2024-10230, CVE-2024-10231) - www-client/chromium, <www-client/google-chrome-130.0.6723.69, www-client/microsoft-edge, www-client/opera: Multiple vulnerabilities

Summary: www-client/chromium, <www-client/google-chrome-130.0.6723.69, www-client/micr...

Status:	CONFIRMED

Alias:	CVE-2024-10229, CVE-2024-10230, CVE-2024-10231

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:
Keywords:

Depends on:	944807
Blocks:
	Show dependency tree

Reported:	2024-10-23 01:26 UTC by Matt Jolly
Modified:	2024-11-24 12:14 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Jolly gentoo-dev

2024-10-23 01:26:54 UTC

The Stable channel has been updated to 130.0.6723.69 for Linux.

Security Fixes and Rewards

This update includes 3 security fixes. 

[TBD][371011220] High CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-02

[TBD][371565065] High CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-05

[TBD][372269618] High CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-09

Comment 1 Matt Jolly gentoo-dev

2024-10-24 04:52:43 UTC

Google are having some sort of trouble publishing Chromium tarballs at the moment. No ETA for update.