Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 937510 (CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550) - <www-client/chromium-127.0.6533.99, <www-client/google-chrome-127.0.6533.99, <www-client/microsoft-edge-127.0.2651.98, <www-client/opera-113.0.5230.47: Multiple vulnerabilities
Summary: <www-client/chromium-127.0.6533.99, <www-client/google-chrome-127.0.6533.99, ...
Status: CONFIRMED
Alias: CVE-2024-7532, CVE-2024-7533, CVE-2024-7534, CVE-2024-7535, CVE-2024-7536, CVE-2024-7550
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard:
Keywords:
Depends on: 937519
Blocks:
  Show dependency tree
 
Reported: 2024-08-07 07:48 UTC by Matt Jolly
Modified: 2024-10-08 15:14 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-08-07 07:48:54 UTC 
The Stable channel has been updated to 127.0.6533.99 for Linux which will roll out over the coming days/weeks. 

This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][350528343] Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02

[$11000][353552540] High CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-07-17

[$7000][355256380] High CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-07-25

[TBD][352467338] High CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11

[TBD][352690885] High CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-07-12

[TBD][354847246] High CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-07-23
Comment 1 Larry the Git Cow gentoo-dev 2024-08-07 14:43:32 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=213cf8bacaee8816cd161bf4f48879befede462d

commit 213cf8bacaee8816cd161bf4f48879befede462d
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-07 10:26:20 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-07 14:40:32 +0000

    www-client/chromium: add 127.0.6533.99
    
    Attempt to detect and `die` if ld is 'mold'.
    
    This is not supported and causes builds to fail
    when targets are linked.
    
    Bug: https://bugs.gentoo.org/936858
    Bug: https://bugs.gentoo.org/937510
    Closes: https://bugs.gentoo.org/936792
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    2 +
 www-client/chromium/chromium-127.0.6533.99.ebuild | 1480 +++++++++++++++++++++
 2 files changed, 1482 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55e15cff8bf84b596d0ce27b81fa171a8748daec

commit 55e15cff8bf84b596d0ce27b81fa171a8748daec
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-08-07 07:44:51 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-08-07 14:40:27 +0000

    www-client/google-chrome: automated update (127.0.6533.99)
    
    Bug: https://bugs.gentoo.org/937510
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...e-chrome-127.0.6533.88.ebuild => google-chrome-127.0.6533.99.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)