The Stable channel has been updated to 120.0.6099.199 for Mac,Linux and 120.0.6099.199/200 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. ... This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information. [$15000][1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13 [$15000][1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24 [$10000][1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25 [$TBD][1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3b05ae3e5c9c8891702cabd543a590f4a736f80 commit c3b05ae3e5c9c8891702cabd543a590f4a736f80 Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2024-01-04 10:24:13 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-01-05 04:10:11 +0000 www-client/chromium: add 120.0.6099.199 Bug: https://bugs.gentoo.org/921337 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Closes: https://github.com/gentoo/gentoo/pull/34636 Signed-off-by: Sam James <sam@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-120.0.6099.199.ebuild | 1286 ++++++++++++++++++++ 2 files changed, 1287 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83160fa1c0026da21add531ed073a5f5530a99fe commit 83160fa1c0026da21add531ed073a5f5530a99fe Author: Matt Jolly <Matt.Jolly@footclan.ninja> AuthorDate: 2024-01-04 08:39:48 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-01-05 04:10:07 +0000 www-client/google-chrome: automated update (120.0.6099.199) Bug: https://bugs.gentoo.org/921337 Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja> Signed-off-by: Sam James <sam@gentoo.org> www-client/google-chrome/Manifest | 2 +- ...chrome-120.0.6099.129.ebuild => google-chrome-120.0.6099.199.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
*** Bug 921369 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa commit 8064a0b694d29fb2fca491d65494098fb43c2ffa Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-01-31 15:39:13 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-01-31 15:39:35 +0000 [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/907999 Bug: https://bugs.gentoo.org/908471 Bug: https://bugs.gentoo.org/909283 Bug: https://bugs.gentoo.org/910522 Bug: https://bugs.gentoo.org/911675 Bug: https://bugs.gentoo.org/912364 Bug: https://bugs.gentoo.org/913016 Bug: https://bugs.gentoo.org/913710 Bug: https://bugs.gentoo.org/914350 Bug: https://bugs.gentoo.org/914871 Bug: https://bugs.gentoo.org/915137 Bug: https://bugs.gentoo.org/915560 Bug: https://bugs.gentoo.org/915961 Bug: https://bugs.gentoo.org/916252 Bug: https://bugs.gentoo.org/916620 Bug: https://bugs.gentoo.org/917021 Bug: https://bugs.gentoo.org/917357 Bug: https://bugs.gentoo.org/918882 Bug: https://bugs.gentoo.org/919321 Bug: https://bugs.gentoo.org/919802 Bug: https://bugs.gentoo.org/920442 Bug: https://bugs.gentoo.org/921337 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 229 insertions(+)