Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 923966 (CVE-2024-1283, CVE-2024-1284)

Summary: <www-client/chromium-121.0.6167.160, <www-client/google-chrome-121.0.6167.160, <www-client/microsoft-edge-121.0.2277.113 <www-client/opera-107.0.5045.21: multiple vulnerabilities
Product: Gentoo Security Reporter: Matt Jolly <kangie>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: chromium, kangie
Priority: Normal Keywords: PullRequest
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
See Also: https://github.com/gentoo/gentoo/pull/35208
https://github.com/gentoo/gentoo/pull/35238
https://github.com/gentoo/gentoo/pull/35244
Whiteboard: A3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 927746    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-02-07 04:54:18 UTC 
The Stable channel has been updated to 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

This update includes 3 security fixes:

[$5000][41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25
[$TBD][41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25

The third security fix has not yet been revealed
Comment 1 Larry the Git Cow gentoo-dev 2024-02-08 01:21:45 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9432de66cac53ec59aef3f5de55afa12a00b1f15

commit 9432de66cac53ec59aef3f5de55afa12a00b1f15
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2024-02-07 05:03:54 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-08 01:20:56 +0000

    www-client/google-chrome: automated update (121.0.6167.160)
    
    Bug: https://bugs.gentoo.org/923966
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...chrome-121.0.6167.139.ebuild => google-chrome-121.0.6167.160.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-02-09 03:25:15 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e2c9b7898175ff085ff1535563fcf8de0c76af4

commit 7e2c9b7898175ff085ff1535563fcf8de0c76af4
Author:     Ninpo <ninpo@qap.la>
AuthorDate: 2024-02-09 01:25:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-09 03:24:38 +0000

    www-client/chromium: add 121.0.6167.160
    
    Bug: https://bugs.gentoo.org/923966
    Signed-off-by: Ninpo <ninpo@qap.la>
    Closes: https://github.com/gentoo/gentoo/pull/35238
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    4 +
 www-client/chromium/chromium-121.0.6167.160.ebuild | 1367 ++++++++++++++++++++
 2 files changed, 1371 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-02-11 00:37:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e34aa9fc0f75169924ab3e228e0afe36995c30d

commit 9e34aa9fc0f75169924ab3e228e0afe36995c30d
Author:     Ninpo <ninpo@qap.la>
AuthorDate: 2024-02-09 11:52:53 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-11 00:37:36 +0000

    www-client/microsoft-edge: drop 121.0.2277.106
    
    Bug: https://bugs.gentoo.org/923966
    Signed-off-by: Ninpo <ninpo@qap.la>
    Closes: https://github.com/gentoo/gentoo/pull/35244
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/Manifest                 |   1 -
 .../microsoft-edge-121.0.2277.106.ebuild           | 127 ---------------------
 2 files changed, 128 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a82677cfa694ac273d8caab44fa829628e7d7693

commit a82677cfa694ac273d8caab44fa829628e7d7693
Author:     Ninpo <ninpo@qap.la>
AuthorDate: 2024-02-09 11:52:09 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-11 00:37:36 +0000

    www-client/microsoft-edge: stabilize 121.0.2277.113 for amd64
    
    Bug: https://bugs.gentoo.org/923966
    Signed-off-by: Ninpo <ninpo@qap.la>
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/microsoft-edge-121.0.2277.113.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e983ce768b70aaca354c29fc4816018c75e32fa

commit 8e983ce768b70aaca354c29fc4816018c75e32fa
Author:     Ninpo <ninpo@qap.la>
AuthorDate: 2024-02-09 11:50:07 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-11 00:37:31 +0000

    www-client/microsoft-edge: add 121.0.2277.113
    
    Bug: https://bugs.gentoo.org/923966
    Signed-off-by: Ninpo <ninpo@qap.la>
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/Manifest                 |   1 +
 .../microsoft-edge-121.0.2277.113.ebuild           | 127 +++++++++++++++++++++
 2 files changed, 128 insertions(+)