Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 930647 (CVE-2024-4058, CVE-2024-4059, CVE-2024-4060)

Summary: <www-client/chromium-124.0.6367.78 <www-client/google-chrome-124.0.6367.78 www-client/microsoft-edge, www-client/opera: multiple vulnerabilities
Product: Gentoo Security Reporter: Matt Jolly <kangie>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: chromium, kangie
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html
Whiteboard: A2 [stable]
Package list:
Runtime testing required: ---
Bug Depends on: 930648    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-04-25 02:01:50 UTC
The Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$16000][332546345] Critical CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on 2024-04-02

[TBD][333182464] High CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik on 2024-04-08

[TBD][333420620] High CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09
Comment 1 Larry the Git Cow gentoo-dev 2024-04-25 06:30:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=929bf6282e44a7230406053927ad2b381c1bf7fd

commit 929bf6282e44a7230406053927ad2b381c1bf7fd
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-04-24 05:46:34 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-25 06:28:33 +0000

    www-client/chromium: add 124.0.6367.78
    
    add ppc64 keyword; up disk space checks.
    
    Bug: https://bugs.gentoo.org/930647
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                          |  6 ++----
 ....6312.122.ebuild => chromium-124.0.6367.78.ebuild} | 19 ++++++++-----------
 2 files changed, 10 insertions(+), 15 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=297cdf4f0a19ae3758c3430a63984be62beb616a

commit 297cdf4f0a19ae3758c3430a63984be62beb616a
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-04-24 05:24:29 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-25 06:28:31 +0000

    www-client/google-chrome: automated update (124.0.6367.78)
    
    Bug: https://bugs.gentoo.org/930647
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...e-chrome-124.0.6367.60.ebuild => google-chrome-124.0.6367.78.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)