The Stable channel has been updated to 137.0.7151.40.

[TBD][411573532] High CVE-2025-5063: Use after free in Compositing. Reported by Anonymous on 2025-04-18
[$4000][40058068] Medium CVE-2025-5064: Inappropriate implementation in Background Fetch. Reported by Maurice Dauer on 2021-11-29
[$2000][40059071] Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Reported by NDevTK on 2022-03-11
[$1000][356658477] Medium CVE-2025-5066: Inappropriate implementation in Messages. Reported by Mohit Raj (shadow2639) on 2024-07-31
[$500][40075024] Low CVE-2025-5067: Inappropriate implementation in Tab Strip. Reported by Khalil Zhani on 2023-10-17
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5edbc1988628671083bb89477a99cd1c8a78cd0

commit b5edbc1988628671083bb89477a99cd1c8a78cd0
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2025-05-22 05:15:50 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2025-05-22 05:44:47 +0000

    www-client/google-chrome-beta: automated update (137.0.7151.40)

    Bug: https://bugs.gentoo.org/956400
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome-beta/Manifest | 2 +-
 ...eta-137.0.7151.27.ebuild => google-chrome-beta-137.0.7151.40.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1594d30d115173529685783a7a94d656300c911f

commit 1594d30d115173529685783a7a94d656300c911f
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2025-05-22 00:16:53 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2025-05-22 05:44:46 +0000

    www-client/chromium: add 137.0.7151.40

    This commit changes the way that `myconf_gn` works, making it an array
    and allowing significant reduction in boilerplate. We're also able to
    better group and order GN args.

    Additionally USE=`rar` is added, which controls whether or not the
    "Safe Browsing" component will use unRAR licenced code.

    Closes: https://bugs.gentoo.org/956390
    Bug: https://bugs.gentoo.org/956400
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest | 2 +
 www-client/chromium/chromium-137.0.7151.40.ebuild | 1551 +++++++++++++++++++++
 www-client/chromium/metadata.xml | 1 +
 3 files changed, 1554 insertions(+)
This one is a bit odd; the security release seems to have fallen to the 'early stable' M137 beta candidate. Typically it'd refer to stable (M136), whatever is after .113. Since Google used the beta and I was going to promote it to the stable subslot when it hit early stable upstream anyway, let's just roll with it.
Microsoft Edge CVE fix versions: 137.0.3296.52: CVE-2025-5063, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5067