Bug 890726 (CVE-2023-0128, CVE-2023-0129, CVE-2023-0130, CVE-2023-0131, CVE-2023-0132, CVE-2023-0133, CVE-2023-0134, CVE-2023-0135, CVE-2023-0136, CVE-2023-0137, CVE-2023-0138, CVE-2023-0139, CVE-2023-0140, CVE-2023-0141)

Summary:	<www-client/chromium-109.0.5414.74-r1 <www-client/chromium-bin-109.0.5414.74 <www-client/google-chrome-109.0.5414.74: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Stephan Hartmann (RETIRED) <sultan>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	chromium
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
Whiteboard:	A2 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	888946, 903544
Bug Blocks:	890728

Description Stephan Hartmann (RETIRED) gentoo-dev

2023-01-13 18:54:32 UTC

[1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16

[1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07

[1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30

[1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28

[1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05

[1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17

[1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17

[1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18

[1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26

[1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10

[1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23

[1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24

[1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au  on 2022-05-18

[1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12

Comment 1 Larry the Git Cow gentoo-dev

2023-01-14 08:38:03 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf7fc6e838f669c503dd127107a8e9f85ca2f951

commit bf7fc6e838f669c503dd127107a8e9f85ca2f951
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2023-01-14 08:36:30 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2023-01-14 08:37:55 +0000

    www-client/chromium: promote M109 to stable
    
    Closes: https://bugs.gentoo.org/890064
    Bug: https://bugs.gentoo.org/884419
    Bug: https://bugs.gentoo.org/890726
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |  2 +-
 ....74.ebuild => chromium-109.0.5414.74-r1.ebuild} | 18 +++----
 .../chromium/files/chromium-109-system-icu.patch   | 58 ++++++++++++++++++++++
 3 files changed, 67 insertions(+), 11 deletions(-)

Comment 2 Larry the Git Cow gentoo-dev

2023-01-18 17:29:11 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd67ac969c0a0f780e495496ca476c40495af7dc

commit dd67ac969c0a0f780e495496ca476c40495af7dc
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2023-01-18 17:28:58 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2023-01-18 17:29:05 +0000

    www-client/chromium: drop 108.0.5359.124
    
    Bug: https://bugs.gentoo.org/890726
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    3 -
 www-client/chromium/chromium-108.0.5359.124.ebuild | 1242 --------------------
 .../chromium/files/chromium-107-system-zlib.patch  |   10 -
 .../chromium-108-DocumentLoader-private.patch      |   36 -
 ...8-revert-GlobalMediaControlsCastStartStop.patch |   35 -
 5 files changed, 1326 deletions(-)

Comment 3 John Helmert III archtester

2023-01-25 20:26:40 UTC

GLSA request filed

Comment 4 Larry the Git Cow gentoo-dev

2023-05-03 09:54:29 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3df173efb2982a5d08d6bff00cd84eb619e793cd

commit 3df173efb2982a5d08d6bff00cd84eb619e793cd
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:53:05 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:54:22 +0000

    [ GLSA 202305-10 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/876855
    Bug: https://bugs.gentoo.org/878825
    Bug: https://bugs.gentoo.org/883031
    Bug: https://bugs.gentoo.org/883697
    Bug: https://bugs.gentoo.org/885851
    Bug: https://bugs.gentoo.org/886479
    Bug: https://bugs.gentoo.org/890726
    Bug: https://bugs.gentoo.org/890728
    Bug: https://bugs.gentoo.org/891501
    Bug: https://bugs.gentoo.org/891503
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-10.xml | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 143 insertions(+)