Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 913710 (CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764)

Summary: <www-client/chromium-116.0.5845.187 <www-client/google-chrome-116.0.5845.187 <www-client/microsoft-edge-116.0.1938.76: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ajak, chromium, kangie
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
See Also: https://github.com/gentoo/gentoo/pull/32728
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 914027, 915465    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-06 08:08:06 UTC 
[$TBD][1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28

[$TBD][1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16

[$TBD][1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03

[$TBD][1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-06 08:08:22 UTC 
Please bump to 116.0.5845.179.
Comment 2 Larry the Git Cow gentoo-dev 2023-09-12 02:42:22 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c38a15d665e88d7a58c1e11676a1c0c8aa1dea3

commit 3c38a15d665e88d7a58c1e11676a1c0c8aa1dea3
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-09-11 22:32:15 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-09-12 02:41:13 +0000

    www-client/chromium: stabilize 116.0.5845.187 for amd64
    
    Bug: https://bugs.gentoo.org/914027
    Bug: https://bugs.gentoo.org/913710
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/chromium-116.0.5845.187.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-01-31 15:40:01 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)