918849 – <www-client/google-chrome-119.0.6045.199 multiple vulnerabilities

Bug 918849 - <www-client/google-chrome-119.0.6045.199 multiple vulnerabilities

Summary: <www-client/google-chrome-119.0.6045.199 multiple vulnerabilities

Status:	RESOLVED DUPLICATE of bug 918882

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-11-29 10:15 UTC by Ian Kumlien
Modified:	2023-11-30 02:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ian Kumlien 2023-11-29 10:15:18 UTC

High CVE-2023-6348: Type Confusion in Spellcheck. 
High CVE-2023-6347: Use after free in Mojo.
High CVE-2023-6346: Use after free in WebAudio.
High CVE-2023-6350: Out of bounds memory access in libavif.
High CVE-2023-6351: Use after free in libavif.
High CVE-2023-6345: Integer overflow in Skia.

And claims that they are being actively exploited

Reproducible: Always

Comment 1 Sam James archtester

2023-11-30 02:09:56 UTC

I'll reverse-dupe bug 918882 as it has the commit tagged

*** This bug has been marked as a duplicate of bug 918882 ***