Summary: | [TRACKER] Type Confusion in V8 (CVE-2021-30551) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | gyakovlev |
Priority: | Normal | Keywords: | Tracker |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 795204, 800181 | ||
Bug Blocks: |
Description
Thomas Deutschmann (RETIRED)
2021-06-10 09:39:06 UTC
This vulnerability is under active exploitation: https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html I assume that dev-qt/qtwebengine is also affected, as it is a library version of chromium. It be worthwhile to review the potential for exploitation of this vulnerability in the electron software in the tree. Off the top of my head, that includes: net-im/discord-bin net-im/signal-desktop-bin There are probably others. Embedded chromium is in many places. I had mistakenly posted about this in bug #789420. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. |