Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 641376 (CVE-2017-15429) - <www-client/chromium-63.0.3239.108 universal cross-site scripting in V8
Summary: <www-client/chromium-63.0.3239.108 universal cross-site scripting in V8
Alias: CVE-2017-15429
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: A4 [glsa cve]
Depends on:
Reported: 2017-12-16 13:56 UTC by Mike Gilbert
Modified: 2018-01-07 23:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2017-12-16 13:56:54 UTC
From the release blog:

This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7500][788453] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24.
Comment 1 Agostino Sarubbo gentoo-dev 2017-12-20 13:09:59 UTC
amd64 stable.

Maintainer(s), please cleanup.
Comment 2 D'juan McDonald (domhnall) 2018-01-05 17:27:13 UTC
Added to existing GLSA request.

@Security, please add bug ID to CVETool, thank you.

Gentoo Security Padawan
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2018-01-07 23:24:04 UTC
This issue was resolved and addressed in
 GLSA 201801-03 at
by GLSA coordinator Aaron Bauman (b-man).