Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 641376 (CVE-2017-15429)

Summary: <www-client/chromium-63.0.3239.108 universal cross-site scripting in V8
Product: Gentoo Security Reporter: Mike Gilbert <floppym>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: chromium
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop_14.html
Whiteboard: A4 [glsa cve]
Package list:
www-client/chromium-63.0.3239.108
Runtime testing required: ---

Description Mike Gilbert gentoo-dev 2017-12-16 13:56:54 UTC
From the release blog:

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7500][788453] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24.
Comment 1 Agostino Sarubbo gentoo-dev 2017-12-20 13:09:59 UTC
amd64 stable.

Maintainer(s), please cleanup.
Comment 2 D'juan McDonald (domhnall) 2018-01-05 17:27:13 UTC
Added to existing GLSA request.

@Security, please add bug ID to CVETool, thank you.



Gentoo Security Padawan
(Jmbailey/mbailey_j)
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-01-07 23:24:04 UTC
This issue was resolved and addressed in
 GLSA 201801-03 at https://security.gentoo.org/glsa/201801-03
by GLSA coordinator Aaron Bauman (b-man).