Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 938708 (CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198) - <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113, <www-client/microsoft-edge-128.0.2739.54, <www-client/opera-114.0.5282.21: Multiple vulnerabilities
Summary: <www-client/chromium-128.0.6613.113, <www-client/google-chrome-128.0.6613.113...
Status: CONFIRMED
Alias: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard:
Keywords:
Depends on: 944807 938716
Blocks:
  Show dependency tree
 
Reported: 2024-08-29 21:25 UTC by Matt Jolly
Modified: 2024-11-24 12:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-08-29 21:25:51 UTC
The Stable channel has been updated to 128.0.6613.113 for Linux which will roll out over the coming days/weeks.

This update includes 4 security fixes.

[TBD][351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09

[TBD][360265320] High CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-16

[TBD][360533914] High CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-08-18

[TBD][360758697] High CVE-2024-8198: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-19
Comment 1 Larry the Git Cow gentoo-dev 2024-08-30 02:30:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cffad9d26cebb07ffd82749ade61089aca23ef3

commit 6cffad9d26cebb07ffd82749ade61089aca23ef3
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-30 01:15:36 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-30 02:22:44 +0000

    www-client/google-chrome: automated update (128.0.6613.113)
    
    Bug: https://bugs.gentoo.org/938708
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-128.0.6613.84.ebuild => google-chrome-128.0.6613.113.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6919706a14fbdcf94c7568cf748bddd224b2d14

commit f6919706a14fbdcf94c7568cf748bddd224b2d14
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-29 22:04:47 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-30 02:22:44 +0000

    www-client/chromium: add 128.0.6613.113
    
    Bug: https://bugs.gentoo.org/938708
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-128.0.6613.113.ebuild | 1452 ++++++++++++++++++++
 2 files changed, 1454 insertions(+)