Bug 834477 (CVE-2022-0789, CVE-2022-0790, CVE-2022-0791, CVE-2022-0792, CVE-2022-0793, CVE-2022-0794, CVE-2022-0795, CVE-2022-0796, CVE-2022-0797, CVE-2022-0798, CVE-2022-0799, CVE-2022-0800, CVE-2022-0801, CVE-2022-0802, CVE-2022-0803, CVE-2022-0804, CVE-2022-0805, CVE-2022-0806, CVE-2022-0807, CVE-2022-0808, CVE-2022-0809)

Summary:	<www-client/chromium-99.0.4844.51 <www-client/google-chrome-99.0.4844.51 <www-client/microsoft-edge-99.0.1150.30: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Stephan Hartmann (RETIRED) <sultan>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	chromium
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
See Also:	https://bugs.gentoo.org/show_bug.cgi?id=847613 https://bugs.gentoo.org/show_bug.cgi?id=853229
Whiteboard:	A2 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	834478
Bug Blocks:

Description Stephan Hartmann (RETIRED) gentoo-dev

2022-03-02 07:15:46 UTC

[1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-01-21

[1274077] High CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous on 2021-11-26

[1278322] High CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab on 2021-12-09

[1285885] High CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-01-11

[1291728] High CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita on 2022-01-28

[1294097] High CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani on 2022-02-04

[1282782] High CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960 on 2021-12-27

[1295786] High CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-02-10

[1281908] High CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-12-21

[1283402] Medium CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci on 2021-12-30

[1279188] Medium CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov) on 2021-12-12

[1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani on 2021-08-24

[1231037] Medium CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michał Bentkowski of Securitum on 2021-07-20

[1270052] Medium CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-11-14

[1280233] Medium CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri on 2021-12-15

[1264561] Medium CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2021-10-29

[1290700] Medium CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab on 2022-01-25

[1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by Paril on 2021-12-31

[1287364] Medium CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz on 2022-01-14

[1292271] Medium CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel on 2022-01-29

[1293428] Medium CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586 on 2022-02-03

Comment 1 Stephan Hartmann (RETIRED) gentoo-dev

2022-03-02 07:17:08 UTC

Updated www-client/microsoft-edge not released yet, expecting today or tomorrow.

Comment 2 Larry the Git Cow gentoo-dev

2022-03-06 07:59:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=96b76c0fe868ae9cc1bad0d774c0de6792ab7862

commit 96b76c0fe868ae9cc1bad0d774c0de6792ab7862
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-03-06 07:58:15 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-03-06 07:59:00 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/834477
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |   2 -
 www-client/chromium/chromium-98.0.4758.102.ebuild  | 964 ---------------------
 .../chromium/files/chromium-glibc-2.34.patch       |  50 --
 3 files changed, 1016 deletions(-)

Comment 3 John Helmert III archtester

2022-08-14 04:58:48 UTC

GLSA request filed

Comment 4 Larry the Git Cow gentoo-dev

2022-08-14 14:34:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)

Comment 5 Sam James archtester

2022-08-14 14:37:36 UTC

GLSA done, all done.