Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 853643 (CVE-2022-2156, CVE-2022-2157, CVE-2022-2158, CVE-2022-2160, CVE-2022-2161, CVE-2022-2162, CVE-2022-2164, CVE-2022-2165) - <www-client/chromium-103.0.5060.53 <www-client/google-chrome-103.0.5060.53: Multiple vulnerabilities
Summary: <www-client/chromium-103.0.5060.53 <www-client/google-chrome-103.0.5060.53: M...
Status: RESOLVED FIXED
Alias: CVE-2022-2156, CVE-2022-2157, CVE-2022-2158, CVE-2022-2160, CVE-2022-2161, CVE-2022-2162, CVE-2022-2164, CVE-2022-2165
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 854381
Blocks: CVE-2022-30192, CVE-2022-33638, CVE-2022-33639 CVE-2022-2163
  Show dependency tree
 
Reported: 2022-06-22 02:10 UTC by Sam James
Modified: 2022-08-24 15:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-06-22 02:10:22 UTC
See https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html.

This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$NA][1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11

[$20000][1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab  on 2022-05-19

[$7500][1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29

[$3000][1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14

[$3000][1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30

[$2000][
Share on Twitter Share on Facebook
Comment 1 Larry the Git Cow gentoo-dev 2022-06-22 02:18:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a2566fc4f7ad93eb539891bc3f2ec7864c5fae4

commit 7a2566fc4f7ad93eb539891bc3f2ec7864c5fae4
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-22 02:14:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-22 02:14:33 +0000

    www-plugins/chrome-binary-plugins: automated update (103.0.5060.53)
    
    Bug: https://bugs.gentoo.org/853643
    Signed-off-by: Sam James <sam@gentoo.org>

 www-plugins/chrome-binary-plugins/Manifest                              | 2 +-
 ...102.0.5005.115.ebuild => chrome-binary-plugins-103.0.5060.53.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=baf4eeaad9eb9f07b272adc75eacc95036332356

commit baf4eeaad9eb9f07b272adc75eacc95036332356
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-22 02:14:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-22 02:14:29 +0000

    www-client/google-chrome: automated update (103.0.5060.53)
    
    Bug: https://bugs.gentoo.org/853643
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-102.0.5005.115.ebuild => google-chrome-103.0.5060.53.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=294620ce1e1285dd2712ceedc3743affbbabf683

commit 294620ce1e1285dd2712ceedc3743affbbabf683
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-06-22 02:07:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-06-22 02:10:32 +0000

    www-client/chromium: promote 103 to stable branch
    
    Bug: https://bugs.gentoo.org/853643
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/chromium-103.0.5060.53.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Larry the Git Cow gentoo-dev 2022-06-28 06:53:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86fadaf884374edcf34226ea00e8f59fd24f42f6

commit 86fadaf884374edcf34226ea00e8f59fd24f42f6
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-06-28 06:51:46 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-06-28 06:51:46 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/853643
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    3 -
 www-client/chromium/chromium-102.0.5005.115.ebuild | 1034 --------------------
 www-client/chromium/chromium-102.0.5005.61.ebuild  | 1029 -------------------
 .../files/chromium-101-libxml-unbundle.patch       |   10 -
 .../files/chromium-102-i3-tab-dragging-fix.patch   |   70 --
 .../files/chromium-97-arm-tflite-cast.patch        |   26 -
 6 files changed, 2172 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:58:58 UTC
GLSA request filed
Comment 4 Larry the Git Cow gentoo-dev 2022-08-14 14:34:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:37:38 UTC
GLSA done, all done.