VuXML: chromium -- multiple security fixes

VuXML ID	b339992e-6059-11ef-8a0f-a8a1599412c6
Discovery	2024-08-21
Entry	2024-08-22

Chrome Releases reports:

This update includes 38 security fixes:

[358296941] High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08

[356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30

[355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25

[355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27

[349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25

[351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09

[360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19

[345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10

[345518608] Medium CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax on 2024-06-06

[339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07

[347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16

[339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10

[324770940] Medium CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11

[40060358] Medium CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022-07-21

[356064205] Medium CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-29

[356328460] Medium CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-30

[40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14

[350256139] Low CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024-06-30

[353858776] Low CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18

[40059470] Low CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022-04-26

[source]

CVE Name	CVE-2024-7964
CVE Name	CVE-2024-7965
CVE Name	CVE-2024-7966
CVE Name	CVE-2024-7967
CVE Name	CVE-2024-7968
CVE Name	CVE-2024-7969
CVE Name	CVE-2024-7971
CVE Name	CVE-2024-7972
CVE Name	CVE-2024-7973
CVE Name	CVE-2024-7974
CVE Name	CVE-2024-7975
CVE Name	CVE-2024-7976
CVE Name	CVE-2024-7977
CVE Name	CVE-2024-7978
CVE Name	CVE-2024-7979
CVE Name	CVE-2024-7980
CVE Name	CVE-2024-7981
CVE Name	CVE-2024-8033
CVE Name	CVE-2024-8034
CVE Name	CVE-2024-8035
URL	https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

chromium -- multiple security fixes

Details

References