Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 934536 (CVE-2024-6100, CVE-2024-6101, CVE-2024-6102, CVE-2024-6103) - <www-client/chromium-126.0.6478.114, <www-client/google-chrome-126.0.6478.114, <www-client/microsoft-edge-126.0.2592.68, <www-client/opera-112.0.5197.25: multiple vulnerabilities
Summary: <www-client/chromium-126.0.6478.114, <www-client/google-chrome-126.0.6478.114...
Status: CONFIRMED
Alias: CVE-2024-6100, CVE-2024-6101, CVE-2024-6102, CVE-2024-6103
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-06-19 08:01 UTC by Matt Jolly
Modified: 2024-10-08 14:58 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-06-19 08:01:33 UTC
The Stable channel has been updated to 126.0.6478.114 for Linux.

Security Fixes and Rewards

This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers. 

[$20000][344608204] High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04
[$7000][343748812] High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31
[TBD][339169163] High CVE-2024-6102: Out of bounds memory access in Dawn. Reported by wgslfuzz on 2024-05-07
[TBD][344639860] High CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz on 2024-06-04
Comment 1 Larry the Git Cow gentoo-dev 2024-06-19 09:36:25 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=095e5ab5e7ab913ef02939364acceecd517ebf3b

commit 095e5ab5e7ab913ef02939364acceecd517ebf3b
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-06-19 08:15:26 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-06-19 09:35:58 +0000

    www-client/chromium: add 126.0.6478.114
    
    Bug: https://bugs.gentoo.org/934536
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-126.0.6478.114.ebuild | 1452 ++++++++++++++++++++
 2 files changed, 1454 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07e21e36980088c27b7d965df79296f758fabc90

commit 07e21e36980088c27b7d965df79296f758fabc90
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-06-19 07:37:30 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-06-19 09:35:54 +0000

    www-client/google-chrome: automated update (126.0.6478.114)
    
    Bug: https://bugs.gentoo.org/934536
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-126.0.6478.55.ebuild => google-chrome-126.0.6478.114.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)