Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 939217 (CVE-2024-7970, CVE-2024-8362) - <www-client/chromium-128.0.6613.119, <www-client/google-chrome-128.0.6613.119, www-client/microsoft-edge, www-client/opera: Multiple vulnerabilities
Summary: <www-client/chromium-128.0.6613.119, <www-client/google-chrome-128.0.6613.119...
Status: CONFIRMED
Alias: CVE-2024-7970, CVE-2024-8362
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard:
Keywords:
Depends on: 939281
Blocks:
  Show dependency tree
 
Reported: 2024-09-07 08:11 UTC by Matt Jolly
Modified: 2024-09-07 11:32 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2024-09-07 08:11:36 UTC 
Stable Channel update for Desktop
Monday, September 2, 2024

The Stable channel has been updated to 128.0.6613.119/.120 for Windows, Mac and 128.0.6613.119 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.

The Extended Stable channel has been updated to 128.0.6613.120 for Windows and Mac which will roll out over the coming days/weeks.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$7000][357391257] High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-08-05

[TBD][358485426] High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-08-09
Comment 1 Larry the Git Cow gentoo-dev 2024-09-07 11:28:33 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d49e871821ac0f8f37ee4f193752a994bb2d8857

commit d49e871821ac0f8f37ee4f193752a994bb2d8857
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-07 11:26:32 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-07 11:28:14 +0000

    www-client/chromium: add 128.0.6613.119
    
    Bug: https://bugs.gentoo.org/939217
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-128.0.6613.119.ebuild | 1452 ++++++++++++++++++++
 2 files changed, 1453 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4577a562d4ce240f79a21dc28a376513226c5c67

commit 4577a562d4ce240f79a21dc28a376513226c5c67
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-07 08:14:52 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-07 11:28:10 +0000

    www-client/google-chrome: automated update (128.0.6613.119)
    
    Bug: https://bugs.gentoo.org/939217
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...chrome-128.0.6613.113.ebuild => google-chrome-128.0.6613.119.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)