FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7314942b-0889-46f0-b02b-2c60aabe4a82	chromium -- multiple security fixes Chrome Releases reports: This update includes 3 security fixes: [331237485] High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26 [328859176] High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09 [331123811] High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25 Discovery 2024-04-10 Entry 2024-04-12 chromium < 123.0.6312.122 ungoogled-chromium < 123.0.6312.122 CVE-2024-3157 CVE-2024-3516 CVE-2024-3515 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html
9bed230f-ffc8-11ee-8e76-a8a1599412c6	chromium -- multiple security fixes Chrome Releases reports: This update includes 23 security fixes: [331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 [331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27 [330759272] High CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21 [326607008] High CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang on 2024-02-24 [41491379] Medium CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. on 2024-01-15 [328278717] Medium CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan on 2024-03-06 [41491859] Medium CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16 [41493458] Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry on 2024-01-22 [330376742] Medium CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19 [41486690] Medium CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur on 2023-12-24 [40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23 [323583084] Low CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03 [40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23 [328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08 Discovery 2024-04-16 Entry 2024-04-21 chromium < 124.0.6367.60 ungoogled-chromium < 124.0.6367.60 CVE-2024-3832 CVE-2024-3833 CVE-2024-3914 CVE-2024-3834 CVE-2024-3837 CVE-2024-3838 CVE-2024-3839 CVE-2024-3840 CVE-2024-3841 CVE-2024-3843 CVE-2024-3844 CVE-2024-3845 CVE-2024-3846 CVE-2024-3847 https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html

VuXML ID

Description

7314942b-0889-46f0-b02b-2c60aabe4a82

chromium -- multiple security fixes

Chrome Releases reports:

This update includes 3 security fixes:

[331237485] High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26

[328859176] High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09

[331123811] High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25

Discovery 2024-04-10
Entry 2024-04-12
chromium

< 123.0.6312.122

ungoogled-chromium

< 123.0.6312.122

CVE-2024-3157
CVE-2024-3516
CVE-2024-3515
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html

9bed230f-ffc8-11ee-8e76-a8a1599412c6

chromium -- multiple security fixes

Chrome Releases reports:

This update includes 23 security fixes:

[331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27

[331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27

[330759272] High CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21

[326607008] High CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang on 2024-02-24

[41491379] Medium CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. on 2024-01-15

[328278717] Medium CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan on 2024-03-06

[41491859] Medium CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16

[41493458] Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry on 2024-01-22

[330376742] Medium CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19

[41486690] Medium CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur on 2023-12-24

[40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23

[323583084] Low CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03

[40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23

[328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08

Discovery 2024-04-16
Entry 2024-04-21
chromium

< 124.0.6367.60

ungoogled-chromium

< 124.0.6367.60

CVE-2024-3832
CVE-2024-3833
CVE-2024-3914
CVE-2024-3834
CVE-2024-3837
CVE-2024-3838
CVE-2024-3839
CVE-2024-3840
CVE-2024-3841
CVE-2024-3843
CVE-2024-3844
CVE-2024-3845
CVE-2024-3846
CVE-2024-3847
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html