Bug 930647 (CVE-2024-4058, CVE-2024-4059, CVE-2024-4060) - <www-client/chromium-124.0.6367.78 <www-client/google-chrome-124.0.6367.78, <www-client/microsoft-edge-124.0.2478.67, <www-client/opera-110.0.5130.35: multiple vulnerabilities
Summary: <www-client/chromium-124.0.6367.78 <www-client/google-chrome-124.0.6367.78, <...
Status: RESOLVED FIXED
Alias: CVE-2024-4058, CVE-2024-4059, CVE-2024-4060
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 930648 944807
Blocks:
Reported: 2024-04-25 02:01 UTC by Matt Jolly
Modified: 2024-12-07 10:15 UTC

See Also:
Package list:
Runtime testing required: ---


Description Matt Jolly gentoo-dev 2024-04-25 02:01:50 UTC
The Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$16000][332546345] Critical CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on 2024-04-02

[TBD][333182464] High CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik on 2024-04-08

[TBD][333420620] High CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09
Comment 1 Larry the Git Cow gentoo-dev 2024-04-25 06:30:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=929bf6282e44a7230406053927ad2b381c1bf7fd

commit 929bf6282e44a7230406053927ad2b381c1bf7fd
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-04-24 05:46:34 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-25 06:28:33 +0000

    www-client/chromium: add 124.0.6367.78
    
    add ppc64 keyword; up disk space checks.
    
    Bug: https://bugs.gentoo.org/930647
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                          |  6 ++----
 ....6312.122.ebuild => chromium-124.0.6367.78.ebuild} | 19 ++++++++-----------
 2 files changed, 10 insertions(+), 15 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=297cdf4f0a19ae3758c3430a63984be62beb616a

commit 297cdf4f0a19ae3758c3430a63984be62beb616a
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-04-24 05:24:29 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-25 06:28:31 +0000

    www-client/google-chrome: automated update (124.0.6367.78)
    
    Bug: https://bugs.gentoo.org/930647
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...e-chrome-124.0.6367.60.ebuild => google-chrome-124.0.6367.78.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-12-07 10:13:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=309ab763e094d02598a970a50a7f0836699fd887

commit 309ab763e094d02598a970a50a7f0836699fd887
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 10:13:10 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 10:13:37 +0000

    [ GLSA 202412-05 ] Chromium, Google Chrome, Microsoft Edge. Opera: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/924450
    Bug: https://bugs.gentoo.org/925161
    Bug: https://bugs.gentoo.org/925666
    Bug: https://bugs.gentoo.org/926230
    Bug: https://bugs.gentoo.org/926869
    Bug: https://bugs.gentoo.org/927312
    Bug: https://bugs.gentoo.org/927928
    Bug: https://bugs.gentoo.org/928462
    Bug: https://bugs.gentoo.org/929112
    Bug: https://bugs.gentoo.org/930124
    Bug: https://bugs.gentoo.org/930647
    Bug: https://bugs.gentoo.org/930994
    Bug: https://bugs.gentoo.org/931548
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-05.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)