
Bug 936247 (CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779)

Summary: <www-client/chromium-126.0.6478.182, <www-client/google-chrome-126.0.6478.182, <www-client/microsoft-edge-126.0.2592.113, <www-client/opera-112.0.5197.53: Multiple vulnerabilities
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Matt Jolly <kangie>
Assignee: Gentoo Security <security>
CC: chromium, kangie
Status: CONFIRMED
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 936248    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-07-18 10:02:49 UTC
The Stable channel has been updated to 126.0.6478.182 for Linux.

Security Fixes and Rewards

This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][346597059] High CVE-2024-6772: Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-06-12

[$7000][347724915] High CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo on 2024-06-17

[$6000][346898524] High CVE-2024-6774: Use after free in Screen Capture. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-13

[$5000][347373236] High CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous on 2024-06-15

[$4000][346692546] High CVE-2024-6776: Use after free in Audio. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-12

[$2500][345640549] High CVE-2024-6777: Use after free in Navigation. Reported by Sven Dysthe (@svn-dys) on 2024-06-07

[TBD][341136300] High CVE-2024-6778: Race in DevTools. Reported by Allen Ding on 2024-05-16

[TBD][351327767] High CVE-2024-6779: Out of bounds memory access in V8. Reported by Seunghyun Lee (@0x10n) on 2024-07-06

Comment 1 Larry the Git Cow gentoo-dev 2024-07-18 10:04:02 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83c8551c975149de369a680810d476fba8a18b75

commit 83c8551c975149de369a680810d476fba8a18b75
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-07-18 06:34:30 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-07-18 10:03:02 +0000

    www-client/chromium: add 126.0.6478.182
    
    Bug: https://bugs.gentoo.org/936247
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-126.0.6478.182.ebuild | 1452 ++++++++++++++++++++
 2 files changed, 1454 insertions(+)