Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 833432 (CVE-2022-0603, CVE-2022-0604, CVE-2022-0605, CVE-2022-0606, CVE-2022-0607, CVE-2022-0608, CVE-2022-0609, CVE-2022-0610)

Summary: <www-client/chromium-98.0.4758.102 <www-client/google-chrome-98.0.4758.102: Multiple vulnerabilities
Product: Gentoo Security Reporter: Stephan Hartmann <sultan>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=835761
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 833433    
Bug Blocks:    

Description Stephan Hartmann gentoo-dev 2022-02-15 21:20:36 UTC
[1290008] High CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22

[1273397] High CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace on 2021-11-24

[1286940] High CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita  on 2022-01-13

[1288020] High CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-01-17

[1250655] High CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17

[1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16

[1296150] High CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group on 2022-02-10

[1285449] Medium CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous on 2022-01-08
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-18 18:10:08 UTC
Please cleanup.
Comment 2 Larry the Git Cow gentoo-dev 2022-02-18 18:46:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a4d7919f80db10985e71e5555cdf0047f2bf5c58

commit a4d7919f80db10985e71e5555cdf0047f2bf5c58
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-02-18 18:45:45 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-02-18 18:46:32 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/833432
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |   1 -
 www-client/chromium/chromium-98.0.4758.80.ebuild | 963 -----------------------
 2 files changed, 964 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-02-20 22:50:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7c2daa72c0e5ff7097dc48abcbf7eb70318ed2db

commit 7c2daa72c0e5ff7097dc48abcbf7eb70318ed2db
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 22:49:24 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 22:49:24 +0000

    [ GLSA 202201-02 ] Chromium, Google Chrome: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/832559
    Bug: https://bugs.gentoo.org/833432
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202202-03.xml | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2022-02-20 22:54:10 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=274205c3763263cf42fc81e6485bde8ce075eed7

commit 274205c3763263cf42fc81e6485bde8ce075eed7
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 22:52:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 22:53:51 +0000

    [ GLSA 202201-02 ] Chromium, Google Chrome: fix ID
    
    Bug: https://bugs.gentoo.org/832559
    Bug: https://bugs.gentoo.org/833432
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202202-03.xml => glsa-202202-02.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)