Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 832559 (CVE-2022-0452, CVE-2022-0453, CVE-2022-0454, CVE-2022-0455, CVE-2022-0456, CVE-2022-0457, CVE-2022-0458, CVE-2022-0459, CVE-2022-0460, CVE-2022-0461, CVE-2022-0462, CVE-2022-0463, CVE-2022-0464, CVE-2022-0465, CVE-2022-0466, CVE-2022-0467, CVE-2022-0468, CVE-2022-0469, CVE-2022-0470)

Summary: <www-client/chromium-98.0.4758.80 <www-client/google-chrome-98.0.4758.80: Multiple vulnerabilities
Product: Gentoo Security Reporter: Stephan Hartmann (RETIRED) <sultan>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=835761
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 830739    
Bug Blocks:    

Description Stephan Hartmann (RETIRED) gentoo-dev 2022-02-02 08:13:38 UTC
[1284584] High CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. on 2022-01-05

[1284916] High CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI on 2022-01-06

[1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on 2022-01-17

[1270593] High CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-16

[1289523] High CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab on 2022-01-21

[1274445] High CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58 on 2021-11-29

[1267060] High CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Anonymous on 2021-11-05

[1244205] High CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame) on 2021-08-28

[1250227] Medium CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960 on 2021-09-16

[1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK on 2021-10-05

[1270470] Medium CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda on 2021-11-16

[1268240] Medium CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-09

[1270095] Medium CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab on 2021-11-14

[1281941] Medium CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci on 2021-12-22

[1115460] Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg on 2020-08-12

[1239496] Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13

[1252716] Medium CVE-2022-0468: Use after free in Payments. Reported by Krace on 2021-09-24

[1279531] Medium CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita on 2021-12-14

[1269225] Low CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang on 2021-11-11
Comment 1 Larry the Git Cow gentoo-dev 2022-02-03 09:16:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2acc6d66771fe580efac60ea1b15eaea9b63ce5c

commit 2acc6d66771fe580efac60ea1b15eaea9b63ce5c
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-02-03 09:16:31 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-02-03 09:16:31 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/832559
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |   2 -
 www-client/chromium/chromium-97.0.4692.99.ebuild | 961 -----------------------
 2 files changed, 963 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2022-02-20 22:50:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7c2daa72c0e5ff7097dc48abcbf7eb70318ed2db

commit 7c2daa72c0e5ff7097dc48abcbf7eb70318ed2db
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 22:49:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 22:49:24 +0000

    [ GLSA 202201-02 ] Chromium, Google Chrome: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/832559
    Bug: https://bugs.gentoo.org/833432
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202202-03.xml | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2022-02-20 22:54:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=274205c3763263cf42fc81e6485bde8ce075eed7

commit 274205c3763263cf42fc81e6485bde8ce075eed7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 22:52:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 22:53:51 +0000

    [ GLSA 202201-02 ] Chromium, Google Chrome: fix ID
    
    Bug: https://bugs.gentoo.org/832559
    Bug: https://bugs.gentoo.org/833432
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202202-03.xml => glsa-202202-02.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)