The Stable channel has been updated to 123.0.6312.86 to Linux which will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$10000][327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03
[TBD][328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11
[N/A][330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
[N/A][330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21

[331221727] Various fixes from internal audits, fuzzing and other initiatives

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=369e473ae345295eb573b977d00100599737a765

commit 369e473ae345295eb573b977d00100599737a765
Author: Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-27 03:18:25 +0000
Commit: Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-27 03:29:15 +0000

    www-client/google-chrome: automated update (123.0.6312.86)

    Bug: https://bugs.gentoo.org/927928
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest | 2 +-
 ...e-chrome-123.0.6312.58.ebuild => google-chrome-123.0.6312.86.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2654967dea4583c0facea7f4fdfe013b2a79423

commit d2654967dea4583c0facea7f4fdfe013b2a79423
Author: Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-27 12:25:00 +0000
Commit: Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-27 14:32:37 +0000

    www-client/chromium: add 123.0.6312.86

    Backport the 124 rust fixes and binhost/binpkg ebuild fixes

    Bug: https://bugs.gentoo.org/927928
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest | 1 +
 www-client/chromium/chromium-123.0.6312.86.ebuild | 1438 +++++++++++++++++++++
 2 files changed, 1439 insertions(+)

Unable to identify appropriate edge version with fixes via MSRC.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=309ab763e094d02598a970a50a7f0836699fd887

commit 309ab763e094d02598a970a50a7f0836699fd887
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 10:13:10 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 10:13:37 +0000

    [ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/924450
    Bug: https://bugs.gentoo.org/925161
    Bug: https://bugs.gentoo.org/925666
    Bug: https://bugs.gentoo.org/926230
    Bug: https://bugs.gentoo.org/926869
    Bug: https://bugs.gentoo.org/927312
    Bug: https://bugs.gentoo.org/927928
    Bug: https://bugs.gentoo.org/928462
    Bug: https://bugs.gentoo.org/929112
    Bug: https://bugs.gentoo.org/930124
    Bug: https://bugs.gentoo.org/930647
    Bug: https://bugs.gentoo.org/930994
    Bug: https://bugs.gentoo.org/931548
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-05.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)