
Bug 803167 (CVE-2021-30565, CVE-2021-30566, CVE-2021-30567, CVE-2021-30568, CVE-2021-30569, CVE-2021-30571, CVE-2021-30572, CVE-2021-30573, CVE-2021-30574, CVE-2021-30575, CVE-2021-30576, CVE-2021-30577, CVE-2021-30578, CVE-2021-30579, CVE-2021-30580, CVE-2021-30581, CVE-2021-30582, CVE-2021-30583, CVE-2021-30584, CVE-2021-30585, CVE-2021-30586, CVE-2021-30587, CVE-2021-30588, CVE-2021-30589)

Summary: <www-client/chromium-92.0.4515.107 <www-client/google-chrome-92.0.4515.107: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: major
CC: chromium
Priority: Normal
Flags: nattka: sanity-check-
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=802540
https://bugs.gentoo.org/show_bug.cgi?id=810781
Whiteboard: A2 [glsa?]
Package list:
www-client/chromium-92.0.4515.107
Runtime testing required: ---

Description Sam James archtester gentoo-dev Security 2021-07-21 05:23:35 UTC
Big slew of fixes this time: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html.

[$15000][1210985] High CVE-2021-30565: Out of bounds write in Tab Groups. Reported by David Erceg on 2021-05-19

[$10000][1202661] High CVE-2021-30566: Stack buffer overflow in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-04-26

[$10000][1211326] High CVE-2021-30567: Use after free in DevTools. Reported by DDV_UA on 2021-05-20

[$8500][1219886] High CVE-2021-30568: Heap buffer overflow in WebGL. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-06-15

[$500][1218707] High CVE-2021-30569: Use after free in sqlite. Reported by Chris Salls (@salls) of Makai Security on 2021-06-11

[$TBD][1101897] High CVE-2021-30571: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-07-03

[$TBD][1214234] High CVE-2021-30572: Use after free in Autofill. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-28

[$TBD][1216822] High CVE-2021-30573: Use after free in GPU. Reported by Security For Everyone Team - https://securityforeveryone.com on 2021-06-06

[$TBD][1227315] High CVE-2021-30574: Use after free in protocol handling. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-07-08

[$15000][1213313] Medium CVE-2021-30575: Out of bounds read in Autofill. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-05-26

[$10000][1194896] Medium CVE-2021-30576: Use after free in DevTools. Reported by David Erceg on 2021-04-01

[$10000][1204811] Medium CVE-2021-30577: Insufficient policy enforcement in Installer. Reported by Jan van der Put (REQON B.V) on 2021-05-01

[$7500][1201074] Medium CVE-2021-30578: Uninitialized Use in Media. Reported by Chaoyuan Peng on 2021-04-21

[$7500][1207277] Medium CVE-2021-30579: Use after free in UI framework. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-05-10

[$5000][1189092] Medium CVE-2021-30580: Insufficient policy enforcement in Android intents. Reported by @retsew0x01 on 2021-03-17

[$5000][1194431] Medium CVE-2021-30581: Use after free in DevTools. Reported by David Erceg on 2021-03-31

[$5000][1205981] Medium CVE-2021-30582: Inappropriate implementation in Animation. Reported by George Liu on 2021-05-05

[$3000][1179290] Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows. Reported by Muneaki Nishimura (nishimunea) on 2021-02-17

[$3000][1213350] Medium CVE-2021-30584: Incorrect security UI in Downloads. Reported by @retsew0x01 on 2021-05-26

[$N/A][1023503] Medium CVE-2021-30585: Use after free in sensor handling. Reported by niarci on 2019-11-11

[$TBD][1201032] Medium CVE-2021-30586: Use after free in dialog box handling on Windows. Reported by kkomdal with kkwon and neodal on 2021-04-21

[$N/A][1204347] Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-04-30

[$5000][1195650] Low CVE-2021-30588: Type Confusion in V8. Reported by Jose Martinez (tr0y4) from VerSprite Inc. on 2021-04-04

[$3000][1180510] Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing. Reported by Kirtikumar Anandrao Ramchandani (@Kirtikumar_A_R) and Patrick Walker (@homesen) on 2021-02-20
Comment 1 Sam James archtester gentoo-dev Security 2021-07-21 05:23:53 UTC
Please bump when possible.
Comment 2 Stephan Hartmann gentoo-dev 2021-07-21 12:33:50 UTC
I did the www-client/google-chrome bump.
Comment 3 Larry the Git Cow gentoo-dev 2021-07-24 09:48:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=774d25d68d6fce0e1fc0168f50f515c988e6ebf6

commit 774d25d68d6fce0e1fc0168f50f515c988e6ebf6
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-07-24 09:47:31 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-07-24 09:48:39 +0000

    www-client/chromium: stable channel bump to 92.0.4515.107
    
    Bug: https://bugs.gentoo.org/803167
    Bug: https://bugs.gentoo.org/803467
    Bug: https://bugs.gentoo.org/769989
    Bug: https://bugs.gentoo.org/803260
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |  3 +-
 ...515.80.ebuild => chromium-92.0.4515.107.ebuild} | 16 +++----
 .../files/chromium-92-GetUsableSize-nullptr.patch  | 46 ++++++++++++++++++++
 .../chromium/files/chromium-freetype-2.11.patch    | 50 ++++++++++++++++++++++
 4 files changed, 103 insertions(+), 12 deletions(-)
Comment 4 John Helmert III gentoo-dev Security 2021-07-24 17:25:50 UTC
Please stabilize, thanks!
Comment 5 Sam James archtester gentoo-dev Security 2021-07-26 02:55:39 UTC
arm64 done
Comment 6 Sam James archtester gentoo-dev Security 2021-07-27 17:10:00 UTC
amd64 done

all arches done
Comment 7 Larry the Git Cow gentoo-dev 2021-07-27 17:39:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afa4f06bc7e383b77191f6325ed4efef50ac49f8

commit afa4f06bc7e383b77191f6325ed4efef50ac49f8
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-07-27 17:38:58 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-07-27 17:39:17 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/803167
    Closes: https://bugs.gentoo.org/803467
    Closes: https://bugs.gentoo.org/769989
    Closes: https://bugs.gentoo.org/796527
    Package-Manager: Portage-3.0.20, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   3 -
 www-client/chromium/chromium-91.0.4472.164.ebuild  | 944 ---------------------
 .../files/chromium-89-EnumTable-crash.patch        |  71 --
 .../files/chromium-91-ThemeService-crash.patch     |  36 -
 .../chromium/files/chromium-91-system-icu.patch    |  29 -
 .../chromium/files/chromium-glibc-2.33.patch       | 141 ---
 6 files changed, 1224 deletions(-)
Comment 8 NATTkA bot gentoo-dev 2021-08-13 20:56:24 UTC
Unable to check for sanity:

> no match for package: www-client/chromium-92.0.4515.107