https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_11.html The stable channel has been updated to 69.0.3497.92 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$3000][875322] High (CVE to be assigned): Function signature mismatch in WebAssembly. Reported by Kevin Cheung from Autodesk on 2018-08-17 [$TBD][880759] Medium (CVE to be assigned): URL Spoofing in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-09-05 https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop_17.html The stable channel has been updated to 69.0.3497.100 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. This update includes 1 security fix from our ongoing internal security work: [884726] Fixes from internal audits, fuzzing and other initiatives
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd87e959015a2e89664ffd6bf789b85d644f63e5 commit dd87e959015a2e89664ffd6bf789b85d644f63e5 Author: Richard Freeman <rich0@gentoo.org> AuthorDate: 2018-09-18 23:28:23 +0000 Commit: Richard Freeman <rich0@gentoo.org> CommitDate: 2018-09-18 23:28:23 +0000 www-client/chromium: amd64 stable Bug: https://bugs.gentoo.org/666502 Package-Manager: Portage-2.3.49, Repoman-2.3.10 www-client/chromium/chromium-69.0.3497.100.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 stable
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201811-10 at https://security.gentoo.org/glsa/201811-10 by GLSA coordinator Aaron Bauman (b-man).