Bug 943403 (CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117)

Summary:	<www-client/chromium-131.0.6778.69, <www-client/google-chrome-131.0.6778.69, <www-client/microsoft-edge-131.0.6778.69, www-client/opera: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Matt Jolly <kangie>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal	CC:	chromium, ellie.bit03, kangie, lyly.gm19, tradaumr.do127notranglong
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html
Whiteboard:	A2 [ebuild]
Package list:		Runtime testing required:	---
Bug Depends on:	943561, 944073
Bug Blocks:

Description Matt Jolly gentoo-dev

2024-11-14 00:40:06 UTC

Chrome 131.0.6778.69 has been released and includes the following security fixes:


[TBD][373263969] High CVE-2024-11110: Inappropriate implementation in Blink. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-14

[$1000][360520331] Medium CVE-2024-11111: Inappropriate implementation in Autofill. Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India) on 2024-08-18

[TBD][354824998] Medium CVE-2024-11112: Use after free in Media. Reported by Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of 360 Vulnerability Research Institute on 2024-07-23

[TBD][360274917] Medium CVE-2024-11113: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-08-16

[TBD][370856871] Medium CVE-2024-11114: Inappropriate implementation in Views. Reported by Micky on 2024-10-02

[TBD][371929521] Medium CVE-2024-11115: Insufficient policy enforcement in Navigation. Reported by mastersplinter on 2024-10-07

[TBD][40942531] Medium CVE-2024-11116: Inappropriate implementation in Paint. Reported by Thomas Orlita on 2023-11-14

[TBD][40062534] Low CVE-2024-11117: Inappropriate implementation in FileSystem. Reported by Ameen Basha M K on 2023-01-06

Comment 1 Larry the Git Cow gentoo-dev

2024-11-15 21:46:30 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae83aa7e8cf45bf49dcf69fda84857ced94e81eb

commit ae83aa7e8cf45bf49dcf69fda84857ced94e81eb
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-11-14 12:17:49 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-11-15 21:46:17 +0000

    www-client/google-chrome: automated update (131.0.6778.69)
    
    Bug: https://bugs.gentoo.org/943403
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-130.0.6723.116.ebuild => google-chrome-131.0.6778.69.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=624322d5003073794ce4443da137b864c7b92100

commit 624322d5003073794ce4443da137b864c7b92100
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-11-14 11:50:23 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-11-15 21:46:12 +0000

    www-client/chromium: add 131.0.6778.69, 132.0.6834.6
    
    Bug: https://bugs.gentoo.org/943403
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    4 +
 www-client/chromium/chromium-131.0.6778.69.ebuild | 1423 ++++++++++++++++++++
 www-client/chromium/chromium-132.0.6834.6.ebuild  | 1434 +++++++++++++++++++++
 3 files changed, 2861 insertions(+)

Comment 2 Lyly 2024-12-25 03:00:16 UTC Comment hidden (spam)

(In reply to Larry the Git Cow from comment #1)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=ae83aa7e8cf45bf49dcf69fda84857ced94e81eb
> 
> commit ae83aa7e8cf45bf49dcf69fda84857ced94e81eb
> Author:     Matt Jolly <kangie@gentoo.org>
> AuthorDate: 2024-11-14 12:17:49 +0000
> Commit:     Matt Jolly <kangie@gentoo.org>
> CommitDate: 2024-11-15 21:46:17 +0000
> 
>     www-client/google-chrome: automated update (131.0.6778.69)
>     
>     Bug: https://bugs.gentoo.org/943403
>     Signed-off-by: Matt Jolly <kangie@gentoo.org>
> 
>  www-client/google-chrome/Manifest                                       | 2
> +-
>  ...-chrome-130.0.6723.116.ebuild => google-chrome-131.0.6778.69.ebuild} | 0
>  2 files changed, 1 insertion(+), 1 deletion(-)
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/ https://retrobowl25.com
> ?id=624322d5003073794ce4443da137b864c7b92100
> 
> commit 624322d5003073794ce4443da137b864c7b92100
> Author:     Matt Jolly <kangie@gentoo.org>
> AuthorDate: 2024-11-14 11:50:23 +0000
> Commit:     Matt Jolly <kangie@gentoo.org>
> CommitDate: 2024-11-15 21:46:12 +0000
> 
>     www-client/chromium: add 131.0.6778.69, 132.0.6834.6
>     
>     Bug: https://bugs.gentoo.org/943403
>     Signed-off-by: Matt Jolly <kangie@gentoo.org>
> 
>  www-client/chromium/Manifest                      |    4 +
>  www-client/chromium/chromium-131.0.6778.69.ebuild | 1423
> ++++++++++++++++++++
>  www-client/chromium/chromium-132.0.6834.6.ebuild  | 1434
> +++++++++++++++++++++
>  3 files changed, 2861 insertions(+)

These updates improve the stability and security of these browser applications on Gentoo systems.

Comment 3 EllieBit 2025-01-14 07:32:27 UTC

Bug 943403 affects multiple vulnerabilities in Chromium, Google Chrome, Microsoft Edge, and Opera, and is currently confirmed with a Normal Importance status.

Comment 4 retrobowl 2025-02-26 09:38:01 UTC

thanks your post <a href="https://retrobowl.me">retrobowl.me</a>

Comment 5 retrobowl 2025-03-10 09:37:02 UTC

Security vulnerabilities like these highlight the importance of keeping browsers updated. Stay safe online! Also, take a break and enjoy some fun with https://amongus-online.io/