Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 930994 (CVE-2024-4331, CVE-2024-4368)

Summary: <www-client/chromium-124.0.6367.118 <www-client/google-chrome-124.0.6367.118 www-client/microsoft-edge, www-client/opera: multiple vulnerabilities
Product: Gentoo Security Reporter: Matt Jolly <kangie>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: chromium, kangie
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_30.html
Whiteboard: A2 [stable]
Package list:
Runtime testing required: ---
Bug Depends on: 931008    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-05-01 02:10:45 UTC 
The Stable channel has been updated to 124.0.6367.118 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

This update includes 2 security fixes.

[$3000][335003891] High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16

[TBD][333508731] High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09
Comment 1 Larry the Git Cow gentoo-dev 2024-05-01 06:38:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b713f450c90088dbe4cfb26716c445b70c187d8

commit 0b713f450c90088dbe4cfb26716c445b70c187d8
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-05-01 02:33:03 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-05-01 06:38:05 +0000

    www-client/chromium: add 124.0.6367.118
    
    Bug: https://bugs.gentoo.org/930994
    Closes: https://bugs.gentoo.org/930854
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-124.0.6367.118.ebuild | 1437 ++++++++++++++++++++
 2 files changed, 1439 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e66d0505071fdb07078b0628cdd151c93116fcaa

commit e66d0505071fdb07078b0628cdd151c93116fcaa
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-05-01 02:11:23 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-05-01 06:38:01 +0000

    www-client/google-chrome: automated update (124.0.6367.118)
    
    Bug: https://bugs.gentoo.org/930994
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-124.0.6367.78.ebuild => google-chrome-124.0.6367.118.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)