939801 – (CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909) <www-client/chromium-129.0.6668.58, <www-client/google-chrome-129.0.6668.58, <www-client/microsoft-edge-129.0.2792.52, www-client/opera: multiple vulnerabilities

Bug 939801 (CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909) - <www-client/chromium-129.0.6668.58, <www-client/google-chrome-129.0.6668.58, <www-client/microsoft-edge-129.0.2792.52, www-client/opera: multiple vulnerabilities

Summary: <www-client/chromium-129.0.6668.58, <www-client/google-chrome-129.0.6668.58, ...

Status:	CONFIRMED

Alias:	CVE-2024-8904, CVE-2024-8905, CVE-2024-8906, CVE-2024-8907, CVE-2024-8908, CVE-2024-8909

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://chromereleases.googleblog.com...
Whiteboard:
Keywords:

Depends on:	939805
Blocks:
	Show dependency tree

Reported:	2024-09-18 03:30 UTC by Matt Jolly
Modified:	2024-09-26 05:38 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Jolly gentoo-dev

2024-09-18 03:30:32 UTC

Chrome 129.0.6668.58 contains a number of fixes and improvements.

Security Fixes and Rewards

This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[TBD][365376497] High CVE-2024-8904: Type Confusion in V8. Reported by Popax21 on 2024-09-08
[$8000][359949835] Medium CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-08-15
[$2000][352681108] Medium CVE-2024-8906: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2024-07-12
[$1000][360642942] Medium CVE-2024-8907: Insufficient data validation in Omnibox. Reported by Muhammad Zaid Ghifari on 2024-08-18
[$1000][337222641] Low CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya on 2024-04-26
[$1000][341353783] Low CVE-2024-8909: Inappropriate implementation in UI. Reported by Shaheen Fazim on 2024-05-18

Comment 1 Larry the Git Cow gentoo-dev

2024-09-18 06:31:58 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=255e09204b13949a3f09d7db219be46d3243268b

commit 255e09204b13949a3f09d7db219be46d3243268b
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-18 06:24:33 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-18 06:31:42 +0000

    www-client/google-chrome: automated update (129.0.6668.58)
    
    Bug: https://bugs.gentoo.org/939801
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-128.0.6613.137.ebuild => google-chrome-129.0.6668.58.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4876e1bf99fed1c6855479677a50949d4c89ac3f

commit 4876e1bf99fed1c6855479677a50949d4c89ac3f
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-09-18 06:19:31 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-09-18 06:31:42 +0000

    www-client/chromium: add 129.0.6668.58
    
    Bug: https://bugs.gentoo.org/939801
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    1 +
 www-client/chromium/chromium-129.0.6668.58.ebuild | 1449 +++++++++++++++++++++
 2 files changed, 1450 insertions(+)