Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 937048 (CVE-2024-6990, CVE-2024-7255, CVE-2024-7256)

Summary: <www-client/chromium-127.0.6533.88, <www-client/google-chrome-127.0.6533.88, <www-client/microsoft-edge-127.0.2651.86, <www-client/opera-113.0.5230.47: Multiple vulnerabilities
Product: Gentoo Security Reporter: Matt Jolly <kangie>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: kangie
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 937049    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-08-01 08:45:38 UTC
The Stable channel has been updated to 127.0.6533.88 for Linux which will roll out over the coming days/weeks. A

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[TBD][353034820] Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15
[TBD][352872238] High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13[
TBD][354748060] High CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert on 2024-07-23
Comment 1 Larry the Git Cow gentoo-dev 2024-08-01 08:58:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aaa200f9815641408ff9e472588ed645ef25dee9

commit aaa200f9815641408ff9e472588ed645ef25dee9
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-01 08:47:10 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-01 08:57:49 +0000

    www-client/google-chrome: automated update (127.0.6533.88)
    
    Bug: https://bugs.gentoo.org/937048
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...e-chrome-127.0.6533.72.ebuild => google-chrome-127.0.6533.88.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)