Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 937510 (CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550)

Summary: <www-client/chromium-127.0.6533.99, <www-client/google-chrome-127.0.6533.99, <www-client/microsoft-edge-127.0.2651.98, <www-client/opera-113.0.5230.47: Multiple vulnerabilities
Product: Gentoo Security Reporter: Matt Jolly <kangie>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: chromium, kangie
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 944807, 937519    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-08-07 07:48:54 UTC
The Stable channel has been updated to 127.0.6533.99 for Linux which will roll out over the coming days/weeks. 

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][350528343] Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02

[$11000][353552540] High CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-07-17

[$7000][355256380] High CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-07-25

[TBD][352467338] High CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11

[TBD][352690885] High CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-07-12

[TBD][354847246] High CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-07-23
Comment 1 Larry the Git Cow gentoo-dev 2024-08-07 14:43:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=213cf8bacaee8816cd161bf4f48879befede462d

commit 213cf8bacaee8816cd161bf4f48879befede462d
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-07 10:26:20 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-07 14:40:32 +0000

    www-client/chromium: add 127.0.6533.99
    
    Attempt to detect and `die` if ld is 'mold'.
    
    This is not supported and causes builds to fail
    when targets are linked.
    
    Bug: https://bugs.gentoo.org/936858
    Bug: https://bugs.gentoo.org/937510
    Closes: https://bugs.gentoo.org/936792
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    2 +
 www-client/chromium/chromium-127.0.6533.99.ebuild | 1480 +++++++++++++++++++++
 2 files changed, 1482 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55e15cff8bf84b596d0ce27b81fa171a8748daec

commit 55e15cff8bf84b596d0ce27b81fa171a8748daec
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-07 07:44:51 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-07 14:40:27 +0000

    www-client/google-chrome: automated update (127.0.6533.99)
    
    Bug: https://bugs.gentoo.org/937510
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...e-chrome-127.0.6533.88.ebuild => google-chrome-127.0.6533.99.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)