This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$10000][1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02 [$3000][1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03 [$2000][1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06 [$NA][1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07 [$NA][1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01
Please bump to 116.0.5845.110.
Another one: https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html [$TBD][1472492] High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12 -> please update to 116.0.5845.140 instead
*** Bug 913234 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d4377b657c6d160fbe2bac24b197eff28e32b23 commit 9d4377b657c6d160fbe2bac24b197eff28e32b23 Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2023-08-30 03:03:32 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-02 07:57:39 +0000 www-client/chromium: add 116.0.5845.140 Bug: https://bugs.gentoo.org/913016 Bug: https://bugs.gentoo.org/912381 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Signed-off-by: Sam James <sam@gentoo.org> www-client/chromium/Manifest | 2 + www-client/chromium/chromium-116.0.5845.140.ebuild | 1261 ++++++++++++++++++++ 2 files changed, 1263 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa commit 8064a0b694d29fb2fca491d65494098fb43c2ffa Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 15:39:13 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 15:39:35 +0000 [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/907999 Bug: https://bugs.gentoo.org/908471 Bug: https://bugs.gentoo.org/909283 Bug: https://bugs.gentoo.org/910522 Bug: https://bugs.gentoo.org/911675 Bug: https://bugs.gentoo.org/912364 Bug: https://bugs.gentoo.org/913016 Bug: https://bugs.gentoo.org/913710 Bug: https://bugs.gentoo.org/914350 Bug: https://bugs.gentoo.org/914871 Bug: https://bugs.gentoo.org/915137 Bug: https://bugs.gentoo.org/915560 Bug: https://bugs.gentoo.org/915961 Bug: https://bugs.gentoo.org/916252 Bug: https://bugs.gentoo.org/916620 Bug: https://bugs.gentoo.org/917021 Bug: https://bugs.gentoo.org/917357 Bug: https://bugs.gentoo.org/918882 Bug: https://bugs.gentoo.org/919321 Bug: https://bugs.gentoo.org/919802 Bug: https://bugs.gentoo.org/920442 Bug: https://bugs.gentoo.org/921337 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+)
