926869 – (CVE-2024-2400) <www-client/chromium-122.0.6261.128, <www-client/google-chrome-122.0.6261.128, <www-client/microsoft-edge-122.0.2365.92: multiple vulnerabilities

Bug 926869 (CVE-2024-2400) - <www-client/chromium-122.0.6261.128, <www-client/google-chrome-122.0.6261.128, <www-client/microsoft-edge-122.0.2365.92: multiple vulnerabilities

Summary: <www-client/chromium-122.0.6261.128, <www-client/google-chrome-122.0.6261.128...

Status:	RESOLVED FIXED

Alias:	CVE-2024-2400

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Chromium Project

URL:	https://chromereleases.googleblog.com...
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:
Blocks:

Reported:	2024-03-13 02:08 UTC by Matt Jolly
Modified:	2024-12-07 10:14 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Jolly gentoo-dev

2024-03-13 02:08:08 UTC

The Stable channel has been updated to 122.0.6261.128 which will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][327696052] High CVE-2024-2400: Use after free in Performance Manager. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2024-03-01

Comment 1 Larry the Git Cow gentoo-dev

2024-03-13 02:25:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ebbb57a68c7c91a1ea10f7674fd4d22f2f6048a

commit 8ebbb57a68c7c91a1ea10f7674fd4d22f2f6048a
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-13 02:15:31 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-13 02:22:55 +0000

    www-client/google-chrome: automated update (122.0.6261.128)
    
    Bug: https://bugs.gentoo.org/926869
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...chrome-122.0.6261.111.ebuild => google-chrome-122.0.6261.128.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

Comment 2 Larry the Git Cow gentoo-dev

2024-03-13 06:07:02 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7abce3b399537bca0c39e3307deeb32085d3659c

commit 7abce3b399537bca0c39e3307deeb32085d3659c
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-13 04:28:23 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-13 06:05:39 +0000

    www-client/chromium: add 122.0.6261.128
    
    Bug: https://bugs.gentoo.org/926869
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-122.0.6261.128.ebuild | 1386 ++++++++++++++++++++
 2 files changed, 1388 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-03-16 07:40:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3dbbe726874d08791fdd46894bc9e39b44837cae

commit 3dbbe726874d08791fdd46894bc9e39b44837cae
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-16 07:25:35 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-16 07:38:55 +0000

    www-client/microsoft-edge: amd64 stable (122.0.2365.92)
    
    Bug: https://bugs.gentoo.org/926869
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/microsoft-edge-122.0.2365.92.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efdbe6a05a8afd9515cb230a55e7395647310ba8

commit efdbe6a05a8afd9515cb230a55e7395647310ba8
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-16 07:25:31 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-16 07:38:19 +0000

    www-client/microsoft-edge: automated bump (122.0.2365.92)
    
    Bug: https://bugs.gentoo.org/926869
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/Manifest                 |   1 +
 .../microsoft-edge-122.0.2365.92.ebuild            | 127 +++++++++++++++++++++
 2 files changed, 128 insertions(+)

Comment 4 Larry the Git Cow gentoo-dev

2024-12-07 10:13:47 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=309ab763e094d02598a970a50a7f0836699fd887

commit 309ab763e094d02598a970a50a7f0836699fd887
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 10:13:10 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 10:13:37 +0000

    [ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/924450
    Bug: https://bugs.gentoo.org/925161
    Bug: https://bugs.gentoo.org/925666
    Bug: https://bugs.gentoo.org/926230
    Bug: https://bugs.gentoo.org/926869
    Bug: https://bugs.gentoo.org/927312
    Bug: https://bugs.gentoo.org/927928
    Bug: https://bugs.gentoo.org/928462
    Bug: https://bugs.gentoo.org/929112
    Bug: https://bugs.gentoo.org/930124
    Bug: https://bugs.gentoo.org/930647
    Bug: https://bugs.gentoo.org/930994
    Bug: https://bugs.gentoo.org/931548
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-05.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)