Bug 943403 (CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117) - <www-client/chromium-131.0.6778.69, <www-client/google-chrome-131.0.6778.69, <www-client/microsoft-edge-131.0.6778.69, www-client/opera: Multiple vulnerabilities
Summary: <www-client/chromium-131.0.6778.69, <www-client/google-chrome-131.0.6778.69, ...
Status: CONFIRMED
Alias: CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [ebuild]
Keywords:
Depends on: 943561 944073
Blocks:
Reported: 2024-11-14 00:40 UTC by Matt Jolly
Modified: 2025-01-14 07:32 UTC

See Also:
Package list:
Runtime testing required: ---


Description Matt Jolly gentoo-dev 2024-11-14 00:40:06 UTC
Chrome 131.0.6778.69 has been released and includes the following security fixes:


[TBD][373263969] High CVE-2024-11110: Inappropriate implementation in Blink. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-14

[$1000][360520331] Medium CVE-2024-11111: Inappropriate implementation in Autofill. Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India) on 2024-08-18

[TBD][354824998] Medium CVE-2024-11112: Use after free in Media. Reported by Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of 360 Vulnerability Research Institute on 2024-07-23

[TBD][360274917] Medium CVE-2024-11113: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-08-16

[TBD][370856871] Medium CVE-2024-11114: Inappropriate implementation in Views. Reported by Micky on 2024-10-02

[TBD][371929521] Medium CVE-2024-11115: Insufficient policy enforcement in Navigation. Reported by mastersplinter on 2024-10-07

[TBD][40942531] Medium CVE-2024-11116: Inappropriate implementation in Paint. Reported by Thomas Orlita on 2023-11-14

[TBD][40062534] Low CVE-2024-11117: Inappropriate implementation in FileSystem. Reported by Ameen Basha M K on 2023-01-06
Comment 1 Larry the Git Cow gentoo-dev 2024-11-15 21:46:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae83aa7e8cf45bf49dcf69fda84857ced94e81eb

commit ae83aa7e8cf45bf49dcf69fda84857ced94e81eb
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-11-14 12:17:49 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-11-15 21:46:17 +0000

    www-client/google-chrome: automated update (131.0.6778.69)
    
    Bug: https://bugs.gentoo.org/943403
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-130.0.6723.116.ebuild => google-chrome-131.0.6778.69.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=624322d5003073794ce4443da137b864c7b92100

commit 624322d5003073794ce4443da137b864c7b92100
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-11-14 11:50:23 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-11-15 21:46:12 +0000

    www-client/chromium: add 131.0.6778.69, 132.0.6834.6
    
    Bug: https://bugs.gentoo.org/943403
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    4 +
 www-client/chromium/chromium-131.0.6778.69.ebuild | 1423 ++++++++++++++++++++
 www-client/chromium/chromium-132.0.6834.6.ebuild  | 1434 +++++++++++++++++++++
 3 files changed, 2861 insertions(+)
Comment 2 Lyly 2024-12-25 03:00:16 UTC Comment hidden (spam)
Comment 3 EllieBit 2025-01-14 07:32:27 UTC
Bug 943403 affects multiple vulnerabilities in Chromium, Google Chrome, Microsoft Edge, and Opera, and is currently confirmed with a Normal Importance status.