Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 913710 (CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764) - <www-client/chromium-116.0.5845.187 <www-client/google-chrome-116.0.5845.187 <www-client/microsoft-edge-116.0.1938.76: Multiple vulnerabilities
Summary: <www-client/chromium-116.0.5845.187 <www-client/google-chrome-116.0.5845.187 ...
Status: RESOLVED FIXED
Alias: CVE-2023-4761, CVE-2023-4762, CVE-2023-4763, CVE-2023-4764
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords: PullRequest
Depends on: 914027 915465
Blocks:
  Show dependency tree
 
Reported: 2023-09-06 08:08 UTC by Sam James
Modified: 2024-01-31 15:43 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-06 08:08:06 UTC
[$TBD][1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28

[$TBD][1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16

[$TBD][1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03

[$TBD][1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-09-06 08:08:22 UTC
Please bump to 116.0.5845.179.
Comment 2 Larry the Git Cow gentoo-dev 2023-09-12 02:42:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c38a15d665e88d7a58c1e11676a1c0c8aa1dea3

commit 3c38a15d665e88d7a58c1e11676a1c0c8aa1dea3
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-09-11 22:32:15 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-09-12 02:41:13 +0000

    www-client/chromium: stabilize 116.0.5845.187 for amd64
    
    Bug: https://bugs.gentoo.org/914027
    Bug: https://bugs.gentoo.org/913710
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/chromium-116.0.5845.187.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-01-31 15:40:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)