Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 911675 (CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078) - <www-client/chromium-115.0.5790.170 <www-client/google-chrome-115.0.5790.170 <www-client/microsoft-edge-115.0.1901.203: Multiple vulnerabilities
Summary: <www-client/chromium-115.0.5790.170 <www-client/google-chrome-115.0.5790.170 ...
Status: RESOLVED FIXED
Alias: CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071, CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075, CVE-2023-4076, CVE-2023-4077, CVE-2023-4078
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords: PullRequest
Depends on: 911676 913050
Blocks:
  Show dependency tree
 
Reported: 2023-08-03 17:09 UTC by Stephan Hartmann (RETIRED)
Modified: 2024-01-31 15:43 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hartmann (RETIRED) gentoo-dev 2023-08-03 17:09:25 UTC
[1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20

[1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17

[1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07

[1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28

[1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12

[1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20

[1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12

[1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25

[1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29

[1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04

[1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04
Comment 1 Larry the Git Cow gentoo-dev 2023-08-04 20:21:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c6d0a7ad1077da65b2c0c91bcc6261c98e2939d

commit 3c6d0a7ad1077da65b2c0c91bcc6261c98e2939d
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-08-04 09:51:07 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2023-08-04 20:21:42 +0000

    www-client/chromium: stabilize 115.0.5790.170 for amd64
    
    Bug: https://bugs.gentoo.org/911675
    Closes: https://bugs.gentoo.org/911676
    
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Closes: https://github.com/gentoo/gentoo/pull/32169
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/chromium-115.0.5790.170.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2023-08-07 10:52:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=597eeb6775b999045809d747c8968507091c2e25

commit 597eeb6775b999045809d747c8968507091c2e25
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2023-08-07 10:51:50 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2023-08-07 10:52:07 +0000

    www-client/chromium: drop 115.0.5790.102
    
    Bug: https://bugs.gentoo.org/911675
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    2 -
 www-client/chromium/chromium-115.0.5790.102.ebuild | 1269 --------------------
 2 files changed, 1271 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-01-31 15:40:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)