Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 838049 (CVE-2022-1305, CVE-2022-1306, CVE-2022-1307, CVE-2022-1308, CVE-2022-1309, CVE-2022-1310, CVE-2022-1311, CVE-2022-1312, CVE-2022-1313, CVE-2022-1314)

Summary: <www-client/chromium-100.0.4896.88 <www-client/google-chrome-100.0.4896.88: Multiple vulnerabilities
Product: Gentoo Security Reporter: Stephan Hartmann (RETIRED) <sultan>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=847613
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 838058    
Bug Blocks: 838682    

Description Stephan Hartmann (RETIRED) gentoo-dev 2022-04-12 10:09:23 UTC
[1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07

[1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21

[1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01

[1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci @sametbekmezci on 2021-12-28
[1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17

[1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18

[1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28

[1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30

[1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16

[1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09
Comment 1 Larry the Git Cow gentoo-dev 2022-04-12 11:20:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46b47cf67a730b7a66359dd47a52f20ca0520225

commit 46b47cf67a730b7a66359dd47a52f20ca0520225
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-04-12 11:20:23 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-04-12 11:20:47 +0000

    www-client/chromium: stable channel bump to 100.0.4896.88
    
    Bug: https://bugs.gentoo.org/838049
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |    1 +
 www-client/chromium/chromium-100.0.4896.88.ebuild | 1028 +++++++++++++++++++++
 2 files changed, 1029 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-04-16 20:39:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1cd0dee5803c21ad6a24f1c7ab5ffc633c7c4a2

commit a1cd0dee5803c21ad6a24f1c7ab5ffc633c7c4a2
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-04-16 20:38:14 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-04-16 20:38:14 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/838049
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |    1 -
 www-client/chromium/chromium-100.0.4896.75.ebuild | 1026 ---------------------
 2 files changed, 1027 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:58:52 UTC
GLSA request filed
Comment 4 Larry the Git Cow gentoo-dev 2022-08-14 14:34:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:37:52 UTC
GLSA done, all done.