Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 924450 - <www-client/chromium-121.0.6167.184, <www-client/google-chrome-121.0.6167.184, www-client/microsoft-edge, www-client/opera: undisclosed vulnerability
Summary: <www-client/chromium-121.0.6167.184, <www-client/google-chrome-121.0.6167.184...
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa?]
Keywords:
Depends on: 924567
Blocks:
  Show dependency tree
 
Reported: 2024-02-14 03:25 UTC by Matt Jolly
Modified: 2024-04-05 09:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-02-14 03:25:20 UTC
The Stable channel has been updated to 121.0.6167.184 for Mac and Linux and 121.0.6167.184/185 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 1 security fix. 

https://issues.chromium.org/issues/325069765 references a high severity issue: https://issues.chromium.org/issues/41491976 which is not yet publicly visible, presumed to be the aforementioned security fix / vulnerability.
Comment 1 Larry the Git Cow gentoo-dev 2024-02-14 13:11:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61c93d614f660f98585ab971f39a55b1e8435ecc

commit 61c93d614f660f98585ab971f39a55b1e8435ecc
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-02-14 13:08:49 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-14 13:10:26 +0000

    www-client/google-chrome: automated update (121.0.6167.184)
    
    Bug: https://bugs.gentoo.org/924450
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...chrome-121.0.6167.160.ebuild => google-chrome-121.0.6167.184.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 Hans de Graaff gentoo-dev Security 2024-02-14 13:43:13 UTC
I think we can safely assume remote passive compromise for this, updated whiteboard accordingly.
Comment 3 Larry the Git Cow gentoo-dev 2024-02-14 15:17:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=332eb08481c089517b54359348e61e1848521799

commit 332eb08481c089517b54359348e61e1848521799
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-02-14 12:51:18 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-02-14 15:14:40 +0000

    www-client/chromium: add 121.0.6167.184
    
    Includes a backport to fix plasma wayland cursors.
    
    Bug: https://bugs.gentoo.org/924450
    Closes: https://bugs.gentoo.org/922399
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    4 +
 www-client/chromium/chromium-121.0.6167.184.ebuild | 1367 ++++++++++++++++++++
 2 files changed, 1371 insertions(+)