Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 828519 (CVE-2021-4052, CVE-2021-4053, CVE-2021-4054, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057, CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062, CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066, CVE-2021-4067, CVE-2021-4068, CVE-2021-4078, CVE-2021-4079)

Summary: <www-client/chromium-96.0.4664.93: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 828522    
Bug Blocks:    

Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-12-07 17:16:08 UTC
[$15000][1267661] High CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab on 2021-11-07

[$10000][1267791] High CVE-2021-4053: Use after free in UI. Reported by Rox on 2021-11-08

[$8500][1265806] High CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon Tiszka on 2021-11-01

[$5000][1239760] High CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz on 2021-08-13

[$5000][1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09

[$1000][1266510] High CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong on 2021-11-03

[$TBD][1260939] High CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab on 2021-10-18

[$TBD][1262183] High CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero on 2021-10-21

[$TBD][1267496] High CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair  on 2021-11-06

[$TBD][1270990] High CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) on 2021-11-17

[$TBD][1271456] High CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini on 2021-11-18

[$TBD][1272403] High CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-11-22

[$TBD][1273176] High CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-11-23

[$TBD][1273197] High CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel on 2021-11-23

[$TBD][1273674] High CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 on 2021-11-25

[$TBD][1274499] High CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2021-11-29

[$TBD][1274641] High CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel on 2021-11-29

[$500][1265197] Low CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK on 2021-10-31
Comment 2 Larry the Git Cow gentoo-dev 2021-12-07 21:20:57 UTC
The bug has been referenced in the following commit(s):

commit 0a80fce1e06160885815b51aa22017bbf1732be6
Author:     Stephan Hartmann <>
AuthorDate: 2021-12-07 21:20:29 +0000
Commit:     Stephan Hartmann <>
CommitDate: 2021-12-07 21:20:40 +0000

    www-client/chromium: security cleanup
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Stephan Hartmann <>

 www-client/chromium/Manifest                       |   1 -
 www-client/chromium/chromium-96.0.4664.45.ebuild   | 956 ---------------------
 .../chromium/files/chromium-96-xfce-maximize.patch |  51 --
 3 files changed, 1008 deletions(-)