921369 – www-client/google-chrome: multiple vulnerabilities

Bug 921369 - www-client/google-chrome: multiple vulnerabilities

Summary: www-client/google-chrome: multiple vulnerabilities

Status:	RESOLVED DUPLICATE of bug 921337

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:	B4 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2024-01-05 02:25 UTC by Christopher Fore
Modified:	2024-01-05 05:59 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christopher Fore 2024-01-05 02:25:03 UTC

https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html

CVE-2024-0222:

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-0223:

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-0224:

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-0225:

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)


The above are fixed in 120.0.6099.199

Comment 1 Sam James archtester

2024-01-05 05:59:11 UTC


*** This bug has been marked as a duplicate of bug 921337 ***