Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 922062 (CVE-2024-0333)

Summary: <www-client/chromium-120.0.6099.216 <www-client/google-chrome-120.0.6099.216 <www-client/microsoft-edge-120.0.2210.133: Insufficient data validation in Extensions
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: ajak, chromium, kangie
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
See Also: https://github.com/gentoo/gentoo/pull/34793
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 922189    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-01-13 20:40:31 UTC
[$TBD][1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-01-13 20:40:44 UTC
Please bump to 120.0.6099.216. Thanks!
Comment 2 Larry the Git Cow gentoo-dev 2024-01-14 02:30:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51edee9b1899c1f13851fa67f07e767f0397a371

commit 51edee9b1899c1f13851fa67f07e767f0397a371
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2024-01-14 01:39:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-14 02:29:27 +0000

    www-client/chromium: add 120.0.6099.216
    
    Bug: https://bugs.gentoo.org/922062
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-120.0.6099.216.ebuild | 1286 ++++++++++++++++++++
 2 files changed, 1287 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2026f3acfe7eaa198deee09756a5151f65ab7358

commit 2026f3acfe7eaa198deee09756a5151f65ab7358
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2024-01-13 21:16:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-14 02:29:22 +0000

    www-client/google-chrome: automated update (120.0.6099.216)
    
    Bug: https://bugs.gentoo.org/922062
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...chrome-120.0.6099.199.ebuild => google-chrome-120.0.6099.216.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-02-19 06:11:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7a125f7a086a739d056063da56386fef4fe01284

commit 7a125f7a086a739d056063da56386fef4fe01284
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 05:58:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/922062
    Bug: https://bugs.gentoo.org/922340
    Bug: https://bugs.gentoo.org/922903
    Bug: https://bugs.gentoo.org/923370
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-23.xml | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)