Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 953069 (CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074) - <www-client/chromium-135.0.7049.52, <www-client/google-chrome-135.0.7049.52, www-client/microsoft-edge, www-client/opera: Multiple vulnerabilities
Summary: <www-client/chromium-135.0.7049.52, <www-client/google-chrome-135.0.7049.52, ...
Status: CONFIRMED
Alias: CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on: 953070
Blocks:
  Show dependency tree
 
Reported: 2025-04-03 02:23 UTC by Matt Jolly
Modified: 2025-04-03 03:56 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Jolly gentoo-dev 2025-04-03 02:23:07 UTC 
The Chrome team is delighted to announce the promotion of Chrome 135 to the stable channel for Windows, Mac and Linux.

[TBD][405140652] High CVE-2025-3066: Use after free in Navigations. Reported by Sven Dysthe (@svn-dys) on 2025-03-21

[$10000][376491759] Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31

[$2000][401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09

[$1000][40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26

[$1000][40086360] Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01

[$2000][40051596] Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23

[$1000][362545037] Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27

[$500][388680893] Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09

[$500][392818696] Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28
Comment 1 Larry the Git Cow gentoo-dev 2025-04-03 02:26:38 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5472a8a3459a38ce708bb5d915e4a4e99dc8ac9

commit d5472a8a3459a38ce708bb5d915e4a4e99dc8ac9
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2025-04-03 01:38:51 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2025-04-03 02:26:21 +0000

    www-client/chromium: add 135.0.7049.52
    
    Bug: https://bugs.gentoo.org/953069
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    2 +
 www-client/chromium/chromium-135.0.7049.52.ebuild | 1534 +++++++++++++++++++++
 2 files changed, 1536 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2025-04-03 03:56:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16cbb1702ca32b446d47aa8f86c4dcfc616b124e

commit 16cbb1702ca32b446d47aa8f86c4dcfc616b124e
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2025-04-03 02:28:41 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2025-04-03 03:54:37 +0000

    www-client/google-chrome: automated update (135.0.7049.52)
    
    Bug: https://bugs.gentoo.org/953069
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-134.0.6998.165.ebuild => google-chrome-135.0.7049.52.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)