Bug 851003 (CVE-2022-2007, CVE-2022-2010, CVE-2022-2011) - <www-client/chromium-102.0.5005.115 <www-client/google-chrome-102.0.5005.115: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-2007, CVE-2022-2010, CVE-2022-2011
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 851012
Blocks: CVE-2022-22021
Reported: 2022-06-10 12:07 UTC by Stephan Hartmann (RETIRED)
Modified: 2022-08-24 15:58 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stephan Hartmann (RETIRED) gentoo-dev 2022-06-10 12:07:26 UTC
[1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17

[1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19

[1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13

[1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31

CVE-2022-2008 looks Windows-specific because it is in the Direct3D implementation.
Comment 1 Larry the Git Cow gentoo-dev 2022-06-10 12:09:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b03aabe36f049053f3e36ca39b50ac84c6195100

commit b03aabe36f049053f3e36ca39b50ac84c6195100
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-06-10 12:08:44 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-06-10 12:09:03 +0000

    www-client/chromium: stable channel bump to 102.0.5005.115
    
    Bug: https://bugs.gentoo.org/851003
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-102.0.5005.115.ebuild | 1028 ++++++++++++++++++++
 2 files changed, 1029 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-06-28 06:53:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86fadaf884374edcf34226ea00e8f59fd24f42f6

commit 86fadaf884374edcf34226ea00e8f59fd24f42f6
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-06-28 06:51:46 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-06-28 06:51:46 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/853643
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    3 -
 www-client/chromium/chromium-102.0.5005.115.ebuild | 1034 --------------------
 www-client/chromium/chromium-102.0.5005.61.ebuild  | 1029 -------------------
 .../files/chromium-101-libxml-unbundle.patch       |   10 -
 .../files/chromium-102-i3-tab-dragging-fix.patch   |   70 --
 .../files/chromium-97-arm-tflite-cast.patch        |   26 -
 6 files changed, 2172 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:58:57 UTC
GLSA request filed
Comment 4 Larry the Git Cow gentoo-dev 2022-08-14 14:34:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:37:41 UTC
GLSA done, all done.