Bug 795201 (CVE-2021-30551)

Summary: [TRACKER] Type Confusion in V8 (CVE-2021-30551)
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gyakovlev
Priority: Normal Keywords: Tracker
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 795204, 800181    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2021-06-10 09:39:06 UTC
A type confusion flaw was found in the V8 component of the Chromium browser.

Upstream bug(s):

https://code.google.com/p/chromium/issues/detail?id=1216437

External References:

https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
Comment 1 Richard Yao (RETIRED) gentoo-dev 2021-06-11 18:26:14 UTC
This vulnerability is under active exploitation:

https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html

I assume that dev-qt/qtwebengine is also affected, as it is a library version of chromium.

It would be worthwhile to review the potential for exploitation of this vulnerability in the electron software in the tree. Off the top of my head, that includes:

net-im/discord-bin
net-im/signal-desktop-bin

There are probably others. Embedded chromium is in many places.

I had mistakenly posted about this in bug #789420.
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:10:22 UTC
Package list is empty or all packages have requested keywords.