Version in base suite: 121.0.6167.139-1~deb12u1
Version in overlay suite: 124.0.6367.201-1~deb12u1

Base version: chromium_124.0.6367.201-1~deb12u1
Target version: chromium_124.0.6367.207-1~deb12u1
Base file: /srv/ftp-master.debian.org/ftp/pool/main/c/chromium/chromium_124.0.6367.201-1~deb12u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/c/chromium/chromium_124.0.6367.207-1~deb12u1.dsc

 DEPS                             |    2 +-
 build/util/LASTCHANGE            |    2 +-
 build/util/LASTCHANGE.committime |    2 +-
 chrome/VERSION                   |    2 +-
 chrome/chrome_branch_deps.json   |   28 +++++++++++++---------------
 debian/changelog                 |    7 +++++++
 gpu/config/gpu_lists_version.h   |    2 +-
 v8/src/objects/js-objects.cc     |    4 +---
 8 files changed, 26 insertions(+), 23 deletions(-)

diff -Nru chromium-124.0.6367.201/DEPS chromium-124.0.6367.207/DEPS
--- chromium-124.0.6367.201/DEPS	2024-05-09 21:46:22.000000000 +0000
+++ chromium-124.0.6367.207/DEPS	2024-05-13 23:34:53.000000000 +0000
@@ -316,7 +316,7 @@
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling V8
   # and whatever else without interference from each other.
-  'v8_revision': 'c6b8b43c3042d99f07d5cc0771e58511afaa66a3',
+  'v8_revision': 'ac8da461a20281ff8c30507cbdd7e6fed39fd183',
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling ANGLE
   # and whatever else without interference from each other.
diff -Nru chromium-124.0.6367.201/build/util/LASTCHANGE chromium-124.0.6367.207/build/util/LASTCHANGE
--- chromium-124.0.6367.201/build/util/LASTCHANGE	2024-05-09 21:49:12.000000000 +0000
+++ chromium-124.0.6367.207/build/util/LASTCHANGE	2024-05-13 23:37:13.000000000 +0000
@@ -1,2 +1,2 @@
-LASTCHANGE=46cf136d27d50afd9c618d164a3b95b3b62d0027-refs/branch-heads/6367@{#1130}
+LASTCHANGE=a9001a6e39fbaa559510ca866052950457dd4e6b-refs/branch-heads/6367_201@{#3}
 LASTCHANGE_YEAR=2024
diff -Nru chromium-124.0.6367.201/build/util/LASTCHANGE.committime chromium-124.0.6367.207/build/util/LASTCHANGE.committime
--- chromium-124.0.6367.201/build/util/LASTCHANGE.committime	2024-05-09 21:49:12.000000000 +0000
+++ chromium-124.0.6367.207/build/util/LASTCHANGE.committime	2024-05-13 23:37:13.000000000 +0000
@@ -1 +1 @@
-1715197133
\ No newline at end of file
+1715347818
\ No newline at end of file
diff -Nru chromium-124.0.6367.201/chrome/VERSION chromium-124.0.6367.207/chrome/VERSION
--- chromium-124.0.6367.201/chrome/VERSION	2024-05-09 21:46:26.000000000 +0000
+++ chromium-124.0.6367.207/chrome/VERSION	2024-05-13 23:34:56.000000000 +0000
@@ -1,4 +1,4 @@
 MAJOR=124
 MINOR=0
 BUILD=6367
-PATCH=201
+PATCH=207
diff -Nru chromium-124.0.6367.201/chrome/chrome_branch_deps.json chromium-124.0.6367.207/chrome/chrome_branch_deps.json
--- chromium-124.0.6367.201/chrome/chrome_branch_deps.json	2024-05-09 21:46:39.000000000 +0000
+++ chromium-124.0.6367.207/chrome/chrome_branch_deps.json	2024-05-13 23:35:02.000000000 +0000
@@ -1,17 +1,15 @@
 {
-  "src": "refs/branch-heads/6367",
-  "src:src/clank": "refs/heads/chromium/6367",
-  "src:src/components/optimization_guide/internal": "refs/heads/chromium/6367",
-  "src:src/internal": "refs/heads/chromium/6367",
-  "src:src/ios_internal": "refs/heads/chromium/6367",
-  "src:src/third_party/angle": "refs/heads/chromium/6367",
-  "src:src/third_party/dawn": "refs/heads/chromium/6367",
-  "src:src/third_party/devtools-frontend-internal": "refs/heads/chromium/6367",
-  "src:src/third_party/devtools-frontend-internal:devtools-frontend": "refs/heads/chromium/6367",
-  "src:src/third_party/devtools-frontend/src": "refs/heads/chromium/6367",
-  "src:src/third_party/pdfium": "refs/heads/chromium/6367",
-  "src:src/third_party/skia": "refs/heads/chrome/m124",
-  "src:src/third_party/vulkan-deps": "refs/heads/chromium/6367",
-  "src:src/third_party/webrtc": "refs/branch-heads/6367",
-  "src:src/v8": "refs/heads/chromium/6367"
+  "src": "refs/branch-heads/6367_201",
+  "src:src/clank": "refs/heads/chromium/6367_201",
+  "src:src/internal": "refs/heads/chromium/6367_201",
+  "src:src/ios_internal": "refs/heads/chromium/6367_201",
+  "src:src/third_party/angle": "refs/heads/chromium/6367_201",
+  "src:src/third_party/dawn": "refs/heads/chromium/6367_201",
+  "src:src/third_party/devtools-frontend-internal": "refs/heads/chromium/6367_201",
+  "src:src/third_party/devtools-frontend-internal:devtools-frontend": "refs/heads/chromium/6367_201",
+  "src:src/third_party/devtools-frontend/src": "refs/heads/chromium/6367_201",
+  "src:src/third_party/pdfium": "refs/heads/chromium/6367_201",
+  "src:src/third_party/vulkan-deps": "refs/heads/chromium/6367_201",
+  "src:src/third_party/webrtc": "refs/branch-heads/6367_201",
+  "src:src/v8": "refs/heads/chromium/6367_201"
 }
diff -Nru chromium-124.0.6367.201/debian/changelog chromium-124.0.6367.207/debian/changelog
--- chromium-124.0.6367.201/debian/changelog	2024-05-10 00:37:07.000000000 +0000
+++ chromium-124.0.6367.207/debian/changelog	2024-05-15 02:17:42.000000000 +0000
@@ -1,3 +1,10 @@
+chromium (124.0.6367.207-1~deb12u1) bookworm-security; urgency=high
+
+  * New upstream security release.
+    - CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous.
+
+ -- Andres Salomon <dilinger@debian.org>  Tue, 14 May 2024 22:17:42 -0400
+
 chromium (124.0.6367.201-1~deb12u1) bookworm-security; urgency=high
 
   * New upstream security release.
diff -Nru chromium-124.0.6367.201/gpu/config/gpu_lists_version.h chromium-124.0.6367.207/gpu/config/gpu_lists_version.h
--- chromium-124.0.6367.201/gpu/config/gpu_lists_version.h	2024-05-09 21:49:12.000000000 +0000
+++ chromium-124.0.6367.207/gpu/config/gpu_lists_version.h	2024-05-13 23:37:13.000000000 +0000
@@ -3,6 +3,6 @@
 #ifndef GPU_CONFIG_GPU_LISTS_VERSION_H_
 #define GPU_CONFIG_GPU_LISTS_VERSION_H_
 
-#define GPU_LISTS_VERSION "46cf136d27d50afd9c618d164a3b95b3b62d0027"
+#define GPU_LISTS_VERSION "a9001a6e39fbaa559510ca866052950457dd4e6b"
 
 #endif  // GPU_CONFIG_GPU_LISTS_VERSION_H_
diff -Nru chromium-124.0.6367.201/v8/src/objects/js-objects.cc chromium-124.0.6367.207/v8/src/objects/js-objects.cc
--- chromium-124.0.6367.201/v8/src/objects/js-objects.cc	2024-05-09 21:48:27.000000000 +0000
+++ chromium-124.0.6367.207/v8/src/objects/js-objects.cc	2024-05-13 23:36:34.000000000 +0000
@@ -432,9 +432,7 @@
       Nothing<bool>());
 
   if (!from->HasFastProperties() && target->HasFastProperties() &&
-      !IsJSGlobalProxy(*target)) {
-    // JSProxy is always in slow-mode.
-    DCHECK(!IsJSProxy(*target));
+      IsJSObject(*target) && !IsJSGlobalProxy(*target)) {
     // Convert to slow properties if we're guaranteed to overflow the number of
     // descriptors.
     int source_length;