
Bug 925161 (CVE-2024-1669, CVE-2024-1670, CVE-2024-1671, CVE-2024-1672, CVE-2024-1673, CVE-2024-1674, CVE-2024-1675, CVE-2024-1676)

Summary: <www-client/chromium-122.0.6261.57 <www-client/google-chrome-122.0.6261.57, <www-client/microsoft-edge-122.0.2365.52, <www-client/opera-108.0.5067.20: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Matt Jolly <kangie>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: ajak, chromium, gentoo.bugs, kangie
Priority: Normal
Keywords: PullRequest
Version: unspecified
Hardware: All
OS: Linux
See Also: https://github.com/gentoo/gentoo/pull/35464
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Matt Jolly gentoo-dev 2024-02-21 10:06:09 UTC
Chrome 122.0.6261.57 (Linux and Mac), 122.0.6261.57/.58 (Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 122.

Security Fixes and Rewards

This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26

[$5000][41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06

[$8000][41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03

[$3000][41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19

[$2000][41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11

[$1000][40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27

[$1000][41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21

[$1000][40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[326063910] Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Larry the Git Cow gentoo-dev 2024-02-22 04:28:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a459c12753183164602e44a9a9c1374c0f14ecb

commit 1a459c12753183164602e44a9a9c1374c0f14ecb
Author:     Ninpo <ninpo@qap.la>
AuthorDate: 2024-02-21 11:56:36 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-22 04:27:45 +0000

    www-client/chromium: add 122.0.6261.57
    
    Bug: https://bugs.gentoo.org/925161
    Signed-off-by: Ninpo <ninpo@qap.la>
    Closes: https://github.com/gentoo/gentoo/pull/35464
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                      |    1 +
 www-client/chromium/chromium-122.0.6261.57.ebuild | 1382 +++++++++++++++++++++
 2 files changed, 1383 insertions(+)
Comment 2 Laszlo Valko 2024-02-23 12:07:25 UTC
sorry guys, this is already obsolete...
now we have .69/.70 out
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_22.html
Comment 3 Larry the Git Cow gentoo-dev 2024-02-28 03:58:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfac90a71388e926e1e2fa909b2082d2b34b8ea3

commit dfac90a71388e926e1e2fa909b2082d2b34b8ea3
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-02-28 03:28:40 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-28 03:58:14 +0000

    www-client/microsoft-edge: automated bump (122.0.2365.59)
    
    Bug: https://bugs.gentoo.org/925161
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/Manifest                 |   1 +
 .../microsoft-edge-122.0.2365.59.ebuild            | 127 +++++++++++++++++++++
 2 files changed, 128 insertions(+)