Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 926230 (CVE-2024-2173, CVE-2024-2174, CVE-2024-2176) - <www-client/chromium-122.0.6261.111, <www-client/google-chrome-122.0.6261.111, <www-client/microsoft-edge-122.0.2365.80: multiple vulnerabilities
Summary: <www-client/chromium-122.0.6261.111, <www-client/google-chrome-122.0.6261.111...
Status: CONFIRMED
Alias: CVE-2024-2173, CVE-2024-2174, CVE-2024-2176
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa]
Keywords:
Depends on: 926426
Blocks:
  Show dependency tree
 
Reported: 2024-03-06 02:01 UTC by Matt Jolly
Modified: 2024-10-11 08:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-03-06 02:01:37 UTC
The Stable channel has been updated to 122.0.6261.112 for Linux. A full list of changes in this build is available in the Log.

Security Fixes and Rewards

This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$12000][325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19

[$7000][325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19

[$6000][325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20
Comment 1 Larry the Git Cow gentoo-dev 2024-03-06 02:12:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45ee358c195811493bda3dc6471f7f6027b54b45

commit 45ee358c195811493bda3dc6471f7f6027b54b45
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-06 00:14:46 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-06 02:11:47 +0000

    www-client/google-chrome: automated update (122.0.6261.111)
    
    Bug: https://bugs.gentoo.org/926230
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-122.0.6261.94.ebuild => google-chrome-122.0.6261.111.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2024-03-06 07:26:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f755838ea1e7cf679a1c936d4865262b0341c6f

commit 8f755838ea1e7cf679a1c936d4865262b0341c6f
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-06 07:18:33 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-06 07:26:40 +0000

    www-client/chromium: add 122.0.6261.111
    
    Bug: https://bugs.gentoo.org/926230
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    2 +
 www-client/chromium/chromium-122.0.6261.111.ebuild | 1386 ++++++++++++++++++++
 2 files changed, 1388 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-03-11 08:09:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794e2083a205da0a9d29bb26756ba2ee1570f32d

commit 794e2083a205da0a9d29bb26756ba2ee1570f32d
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-11 08:03:42 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-03-11 08:08:47 +0000

    www-client/microsoft-edge: automated bump (122.0.2365.80)
    
    Bug: https://bugs.gentoo.org/926230
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/microsoft-edge/Manifest                 |   1 +
 .../microsoft-edge-122.0.2365.80.ebuild            | 127 +++++++++++++++++++++
 2 files changed, 128 insertions(+)