Bug 940637 (CVE-2024-7025, CVE-2024-9369, CVE-2024-9370)

Summary: <www-client/chromium-129.0.6668.89, <www-client/google-chrome-129.0.6668.89, <www-client/microsoft-edge-129.0.2792.79, www-client/opera: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Matt Jolly <kangie>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: CONFIRMED ---
Severity: normal
CC: chromium, kangie
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 940677    
Bug Blocks:    

Description Matt Jolly gentoo-dev 2024-10-02 07:04:29 UTC
The Stable channel has been updated to 129.0.6668.89 for Linux.

Security Fixes and Rewards

[$10000][367764861] High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18
[TBD][368208152] High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on 2024-09-19
[TBD][368311899] High CVE-2024-9370: Inappropriate implementation in V8. Reported by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte. Ltd. on 2024-09-19
Comment 1 Matt Jolly gentoo-dev 2024-10-02 07:22:55 UTC
Chrome updated in `1137a053f17d447d92c3a76e77541c639b174118`; mistyped the bug reference.
Comment 2 Larry the Git Cow gentoo-dev 2024-10-03 00:41:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=590739107a65159d0e4c19ee7918c3bd0f74b32f

commit 590739107a65159d0e4c19ee7918c3bd0f74b32f
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-10-02 23:45:43 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-10-03 00:40:13 +0000

    www-client/chromium: add 129.0.6668.89
    
    Bug: https://bugs.gentoo.org/940637
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    1 +
 www-client/chromium/chromium-129.0.6668.89.ebuild | 1463 +++++++++++++++++++++
 2 files changed, 1464 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-10-08 00:13:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99a5f8b91fb0fb493938927b14d306895ceba446

commit 99a5f8b91fb0fb493938927b14d306895ceba446
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-10-08 00:10:32 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-10-08 00:12:52 +0000

    www-client/microsoft-edge: automated bump (129.0.2792.79)
    
    Bug: https://bugs.gentoo.org/940637
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/Manifest                 |   1 +
 .../microsoft-edge-129.0.2792.79.ebuild            | 126 +++++++++++++++++++++
 2 files changed, 127 insertions(+)