Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 943403 (CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117) - www-client/chromium, www-client/google-chrome, www-client/microsoft-edge, www-client/opera: Multiple vulnerabilities
Summary: www-client/chromium, www-client/google-chrome, www-client/microsoft-edge, www...
Status: CONFIRMED
Alias: CVE-2024-11110, CVE-2024-11111, CVE-2024-11112, CVE-2024-11113, CVE-2024-11114, CVE-2024-11115, CVE-2024-11116, CVE-2024-11117
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard:
Keywords:
Depends on: 943561
Blocks:
  Show dependency tree
 
Reported: 2024-11-14 00:40 UTC by Matt Jolly
Modified: 2024-11-15 21:46 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-11-14 00:40:06 UTC 
Chrome 131.0.6778.69 has been released and includes the following security fixes:


[TBD][373263969] High CVE-2024-11110: Inappropriate implementation in Blink. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-14

[$1000][360520331] Medium CVE-2024-11111: Inappropriate implementation in Autofill. Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India) on 2024-08-18

[TBD][354824998] Medium CVE-2024-11112: Use after free in Media. Reported by Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of 360 Vulnerability Research Institute on 2024-07-23

[TBD][360274917] Medium CVE-2024-11113: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-08-16

[TBD][370856871] Medium CVE-2024-11114: Inappropriate implementation in Views. Reported by Micky on 2024-10-02

[TBD][371929521] Medium CVE-2024-11115: Insufficient policy enforcement in Navigation. Reported by mastersplinter on 2024-10-07

[TBD][40942531] Medium CVE-2024-11116: Inappropriate implementation in Paint. Reported by Thomas Orlita on 2023-11-14

[TBD][40062534] Low CVE-2024-11117: Inappropriate implementation in FileSystem. Reported by Ameen Basha M K on 2023-01-06
Comment 1 Larry the Git Cow gentoo-dev 2024-11-15 21:46:30 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae83aa7e8cf45bf49dcf69fda84857ced94e81eb

commit ae83aa7e8cf45bf49dcf69fda84857ced94e81eb
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-11-14 12:17:49 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-11-15 21:46:17 +0000

    www-client/google-chrome: automated update (131.0.6778.69)
    
    Bug: https://bugs.gentoo.org/943403
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-130.0.6723.116.ebuild => google-chrome-131.0.6778.69.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=624322d5003073794ce4443da137b864c7b92100

commit 624322d5003073794ce4443da137b864c7b92100
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-11-14 11:50:23 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-11-15 21:46:12 +0000

    www-client/chromium: add 131.0.6778.69, 132.0.6834.6
    
    Bug: https://bugs.gentoo.org/943403
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    4 +
 www-client/chromium/chromium-131.0.6778.69.ebuild | 1423 ++++++++++++++++++++
 www-client/chromium/chromium-132.0.6834.6.ebuild  | 1434 +++++++++++++++++++++
 3 files changed, 2861 insertions(+)