Bug 893660 (CVE-2023-0696, CVE-2023-0697, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704, CVE-2023-0705, CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE-2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941, CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531, CVE-2023-1532, CVE-2023-1533, CVE-2023-1534)

Summary:	<www-client/chromium-111.0.5563.110 <www-client/google-chrome-111.0.5563.110 <www-client/microsoft-edge-111.0.1661.54: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Ian Kumlien <ian.kumlien>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	major	CC:	bitlord0xff, chromium, mail, sgtphou
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
Whiteboard:	A2 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	902547
Bug Blocks:

Description Ian Kumlien 2023-02-09 00:18:11 UTC

New version of google chrome is out and we should bump the package

mv google-chrome-109.0.5414.119.ebuild google-chrome-110.0.5481.77.ebuild

Seems to work

Information about the release:
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html

Reproducible: Always

Comment 1 Maciej S. Szmigiero 2023-03-01 14:26:56 UTC

Looks like www-client/chromium hasn't been updated in Gentoo for more than a month now - the last version bump was on Jan 25.

Comment 2 John Helmert III archtester

2023-05-01 05:42:33 UTC

CVE-2023-1531 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1530 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1534 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1533 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1528 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1532 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1529 (https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html):

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)

CVE-2023-0933 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

CVE-2023-0931 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0930 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0929 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0941 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVE-2023-0932 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0928 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0927 (https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html):

Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0699 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)

CVE-2023-0698 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0705 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-0701 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)

CVE-2023-0703 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)

CVE-2023-0704 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-0702 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0700 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0696 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0697 (https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html):

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)

Many other bugs fixed in these versions too.

Comment 3 John Helmert III archtester

2023-05-30 00:04:28 UTC

GLSA request filed.