948596 – (CVE-2025-0611, CVE-2025-0612) <www-client/chromium-132.0.6834.110, <www-client/google-chrome-132.0.6834.110, www-client/microsoft-edge, www-client/opera: multiple vulnerabilities

Bug 948596 (CVE-2025-0611, CVE-2025-0612) - <www-client/chromium-132.0.6834.110, <www-client/google-chrome-132.0.6834.110, www-client/microsoft-edge, www-client/opera: multiple vulnerabilities

Summary: <www-client/chromium-132.0.6834.110, <www-client/google-chrome-132.0.6834.110...

Status:	CONFIRMED

Alias:	CVE-2025-0611, CVE-2025-0612

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:
Keywords:

Depends on:	948839
Blocks:
	Show dependency tree

Reported:	2025-01-23 01:41 UTC by Matt Jolly
Modified:	2025-01-26 02:39 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Jolly gentoo-dev

2025-01-23 01:41:50 UTC

The Stable channel has been updated to 132.0.6834.110 for Linux.

Security Fixes and Rewards

This update includes 3 security fixes.

[$11000][386143468] High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26

[$8000][385155406] High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20

Comment 1 Matt Jolly gentoo-dev

2025-01-26 02:38:24 UTC

Referenced the wrong chromium bug in the bump commits.

Updated in:

- www-client/google-chrome 7a7fec2a56323901da792eb2f15357c4a9c17307
- www-client/chromium e5ee98b4ddb4b8db49e57499bf15eb4f8e6efc79