Bug 865501 (CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE-2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861)

Summary: <www-client/chromium-104.0.5112.101 <www-client/chromium-bin-104.0.5112.101 <www-client/google-chrome-104.0.5112.101 <www-client/microsoft-edge-104.0.1293.63: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Stephan Hartmann (RETIRED) <sultan>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: chromium
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Whiteboard: A2 [glsa+]
Bug Depends on: 865839    

Description Stephan Hartmann (RETIRED) gentoo-dev 2022-08-17 09:26:27 UTC
[1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02

[1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18

[1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16

[1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21

[1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05

[1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04

[1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19

[1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22

[$2000][1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18

[1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21

Google is aware that an exploit for CVE-2022-2856 exists in the wild.
Comment 1 Stephan Hartmann (RETIRED) gentoo-dev 2022-08-17 10:33:38 UTC
I think we are not affected by CVE-2022-2856. Chrome intents are an Android feature afaik. Same for CVE-2022-2859, which is ChromeOS specific.
Comment 2 Larry the Git Cow gentoo-dev 2022-08-20 03:09:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23b5321391e72b194192934f3a3112a1db4c8ac2

commit 23b5321391e72b194192934f3a3112a1db4c8ac2
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-08-20 03:07:23 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-20 03:09:14 +0000

    www-client/chromium: add 104.0.5112.101
    
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-104.0.5112.101.ebuild | 1193 ++++++++++++++++++++
 2 files changed, 1194 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2022-08-20 07:21:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b545da3430029ab15b0aadeff2d9e18de52dc87

commit 2b545da3430029ab15b0aadeff2d9e18de52dc87
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-08-20 07:21:01 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-08-20 07:21:15 +0000

    www-client/chromium-bin: add 104.0.5112.101
    
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium-bin/Manifest                   |  11 +
 .../chromium-bin-104.0.5112.101.ebuild             | 238 +++++++++++++++++++++
 2 files changed, 249 insertions(+)
Comment 4 Larry the Git Cow gentoo-dev 2022-08-20 07:23:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a008b7cc3c3bc02fa335e557f582a1baf7498fa7

commit a008b7cc3c3bc02fa335e557f582a1baf7498fa7
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-08-20 07:23:41 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-08-20 07:23:41 +0000

    www-client/chromium-bin: drop 104.0.5112.79
    
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium-bin/Manifest                   |  11 -
 .../chromium-bin/chromium-bin-104.0.5112.79.ebuild | 238 ---------------------
 2 files changed, 249 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2022-08-21 06:13:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=cc821fda3ee186d2bcc82c6163599beb50f2302d

commit cc821fda3ee186d2bcc82c6163599beb50f2302d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 06:11:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-21 06:12:55 +0000

    [ GLSA 202208-35 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/858104
    Bug: https://bugs.gentoo.org/859442
    Bug: https://bugs.gentoo.org/863512
    Bug: https://bugs.gentoo.org/864723
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-35.xml | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-21 06:13:46 UTC
GLSA done, cleanup pending. Please close when cleanup done.
Comment 7 Larry the Git Cow gentoo-dev 2022-08-21 06:15:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=db5089f2c8433e4b0785e41129b68ae630313c83

commit db5089f2c8433e4b0785e41129b68ae630313c83
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-08-21 06:15:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-21 06:15:07 +0000

    www-client/chromium: drop 103.0.5060.134, 104.0.5112.79
    
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    3 -
 www-client/chromium/chromium-103.0.5060.134.ebuild | 1114 ------------------
 www-client/chromium/chromium-104.0.5112.79.ebuild  | 1193 --------------------
 3 files changed, 2310 deletions(-)