Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 922340 (CVE-2024-0517, CVE-2024-0518, CVE-2024-0519) - <www-client/chromium-120.0.6099.224 <www-client/google-chrome-120.0.6099.224 <www-client/microsoft-edge-120.0.2210.144: Multiple vulnerabilities
Summary: <www-client/chromium-120.0.6099.224 <www-client/google-chrome-120.0.6099.224 ...
Status: RESOLVED FIXED
Alias: CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords: PullRequest
Depends on: 922189
Blocks:
  Show dependency tree
 
Reported: 2024-01-18 03:30 UTC by Sam James
Modified: 2024-02-19 06:14 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-01-18 03:30:27 UTC
This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$16000][1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
[$1000][1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03
[$TBD][1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-01-18 03:30:49 UTC
Please bump to 120.0.6099.224.
Comment 2 Larry the Git Cow gentoo-dev 2024-01-18 07:56:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=72516a2f67b3fefc53d47bc2dfb19edc9ff161fc

commit 72516a2f67b3fefc53d47bc2dfb19edc9ff161fc
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2024-01-18 06:40:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-18 07:52:15 +0000

    www-client/chromium: add 120.0.6099.224
    
    Bump raptor patches to .199
    
    Bug: https://bugs.gentoo.org/922340
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-120.0.6099.224.ebuild | 1286 ++++++++++++++++++++
 2 files changed, 1288 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-02-19 06:10:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7a125f7a086a739d056063da56386fef4fe01284

commit 7a125f7a086a739d056063da56386fef4fe01284
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-19 05:58:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-19 06:10:22 +0000

    [ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/922062
    Bug: https://bugs.gentoo.org/922340
    Bug: https://bugs.gentoo.org/922903
    Bug: https://bugs.gentoo.org/923370
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-23.xml | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)