Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835397 (CVE-2022-0971, CVE-2022-0972, CVE-2022-0973, CVE-2022-0974, CVE-2022-0975, CVE-2022-0976, CVE-2022-0977, CVE-2022-0978, CVE-2022-0979, CVE-2022-0980) - <www-client/chromium-99.0.4844.74 <www-client/google-chrome-99.0.4844.74 <www-client/microsoft-edge-99.0.1150.46: Multiple vulnerabilities
Summary: <www-client/chromium-99.0.4844.74 <www-client/google-chrome-99.0.4844.74 <www...
Status: RESOLVED FIXED
Alias: CVE-2022-0971, CVE-2022-0972, CVE-2022-0973, CVE-2022-0974, CVE-2022-0975, CVE-2022-0976, CVE-2022-0977, CVE-2022-0978, CVE-2022-0979, CVE-2022-0980
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 835430
Blocks:
  Show dependency tree
 
Reported: 2022-03-16 07:23 UTC by Stephan Hartmann (RETIRED)
Modified: 2022-08-14 14:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hartmann (RETIRED) gentoo-dev 2022-03-16 07:23:37 UTC
[1299422] Critical CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-02-21

[1301320] High CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero on 2022-02-28

[1297498] High CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. on 2022-02-15

[1291986] High CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel on 2022-01-28

[1295411] High CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-02-09

[1296866] High CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair on 2022-02-13

[1299225] High CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani on 2022-02-20

[1299264] High CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-20

[1302644] High CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous on 2022-03-03

[1302157] Medium CVE-2022-0980: Use after free in New Tab Page. Reported by Krace on 2022-03-02
Comment 1 Larry the Git Cow gentoo-dev 2022-03-16 14:08:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64b95dbfc502d2140dd35f950118f61528709142

commit 64b95dbfc502d2140dd35f950118f61528709142
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-03-16 14:06:54 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-03-16 14:08:46 +0000

    www-client/chromium: stable channel bump to 99.0.4844.74
    
    Bug: https://bugs.gentoo.org/835397
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |    1 +
 www-client/chromium/chromium-99.0.4844.74.ebuild | 1013 ++++++++++++++++++++++
 2 files changed, 1014 insertions(+)
Comment 2 Stephan Hartmann (RETIRED) gentoo-dev 2022-03-17 20:24:35 UTC
Additional CVE for www-client/microsoft-edge only:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26899
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-03-18 18:17:06 UTC
Please cleanup, thanks!
Comment 4 Larry the Git Cow gentoo-dev 2022-03-18 18:29:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=471f34b0c257f3de9c769920b62b5f2861cad5bf

commit 471f34b0c257f3de9c769920b62b5f2861cad5bf
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-03-18 18:28:26 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-03-18 18:28:48 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/835397
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |    1 -
 www-client/chromium/chromium-99.0.4844.51.ebuild | 1013 ----------------------
 2 files changed, 1014 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2022-03-27 07:50:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ceb39717d29853f0d71b17608cd2e0324f48425b

commit ceb39717d29853f0d71b17608cd2e0324f48425b
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-03-27 07:48:24 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-03-27 07:48:24 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/835397
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |    1 -
 www-client/chromium/chromium-99.0.4844.74.ebuild | 1013 ----------------------
 2 files changed, 1014 deletions(-)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:58:48 UTC
GLSA request filed
Comment 7 Larry the Git Cow gentoo-dev 2022-08-14 14:34:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:35:11 UTC
GLSA done, all done.