
Bug 768831 (CVE-2021-21148)

Summary: <www-client/chromium-88.0.4324.150 <www-client/google-chrome-88.0.4324.150: Heap buffer overflow (CVE-2021-21148)
Product: Gentoo Security
Reporter: Ian Kumlien <ian.kumlien>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: chromium, mail, sergeev917
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=768459
https://bugs.gentoo.org/show_bug.cgi?id=773040
Whiteboard: A2 [glsa+ cve]
Package list:
Runtime testing required: ---

Description Ian Kumlien 2021-02-05 08:59:29 UTC
Chrome was bumped due to a heap overflow in JavaScript - it's being exploited in the wild.

https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2021-02-06 20:36:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c1f81ab92ab5a316e96fed45505250f00c89135

commit 3c1f81ab92ab5a316e96fed45505250f00c89135
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-02-06 20:34:28 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-02-06 20:36:11 +0000

    www-client/chromium: stable channel bump to 88.0.4324.150
    
    Bug: https://bugs.gentoo.org/768459
    Bug: https://bugs.gentoo.org/768831
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |   1 +
 www-client/chromium/chromium-88.0.4324.150.ebuild | 901 ++++++++++++++++++++++
 2 files changed, 902 insertions(+)
Comment 2 Stephan Hartmann (RETIRED) gentoo-dev 2021-02-07 11:03:30 UTC
arm64 done
Comment 3 Stephan Hartmann (RETIRED) gentoo-dev 2021-02-07 11:04:41 UTC
amd64 done
Comment 4 Larry the Git Cow gentoo-dev 2021-02-07 11:05:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63c7cdd86f01eff47666454fecc1ffb300118342

commit 63c7cdd86f01eff47666454fecc1ffb300118342
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-02-07 11:05:26 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-02-07 11:05:26 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/768459
    Bug: https://bugs.gentoo.org/768831
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |   1 -
 www-client/chromium/chromium-88.0.4324.96.ebuild | 901 -----------------------
 2 files changed, 902 deletions(-)
Comment 5 Maciej S. Szmigiero 2021-02-07 12:49:47 UTC
What about the Beta channel though?

www-client/chromium-89.0.4389.23 is the latest version in the tree but 89.0.4389.40 was released a day before 88.0.4324.150 that fixed this vulnerability in the Stable channel.

That makes me wonder whether a Beta channel bump to 89.0.4389.40 is needed for this bug, too.
Comment 6 Stephan Hartmann (RETIRED) gentoo-dev 2021-02-07 13:14:15 UTC
(In reply to Maciej S. Szmigiero from comment #5)
> What about the Beta channel though?
> 
> www-client/chromium-89.0.4389.23 is the latest version in the tree but
> 89.0.4389.40 was released a day before 88.0.4324.150 that fixed this
> vulnerability in the Stable channel.
> 
> That makes me wonder whether a Beta channel bump to 89.0.4389.40 is needed
> for this bug, too.

The Beta and Dev channels are not covered by Gentoo Security. Also, Google does not publish any information regarding vulnerabilities for those. So we can only guess that 89.0.4389.40 is fixed too. I'm preparing a bump for the beta channel at the moment. It should hit the tree in a few hours.
Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev 2021-04-30 22:55:46 UTC
Added to an existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-05-01 00:02:16 UTC
This issue was resolved and addressed in
 GLSA 202104-08 at https://security.gentoo.org/glsa/202104-08
by GLSA coordinator Thomas Deutschmann (whissi).