Bug 904394 (CVE-2023-2033)

Summary: <www-client/chromium-112.0.5615.121 <www-client/google-chrome-112.0.5615.121 <www-client/microsoft-edge-112.0.1722.48: Type Confusion in V8. Exploit exists.
Product: Gentoo Security
Reporter: gentoo
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: chromium, mail, mpagano, sgtphou
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 904531, 904838    
Bug Blocks:    

Description gentoo 2023-04-16 08:39:32 UTC
See https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

112.0.5615.121 includes 2 security fixes.

[$NA][1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11

Google is aware that an exploit for CVE-2023-2033 exists in the wild.

[1433131] Various fixes from internal audits, fuzzing and other initiatives
Comment 1 Stephan Hartmann (RETIRED) gentoo-dev 2023-04-18 16:14:40 UTC
commit ab1afa59edfdc62871a325e5f75aa0bd2c2b89e0
Author: Mike Gilbert <floppym@gentoo.org>
Date:   Tue Apr 18 11:17:50 2023 -0400

    www-client/chromium: add 112.0.5615.121

    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 00:04:37 UTC
GLSA request filed.
Comment 3 Larry the Git Cow gentoo-dev 2023-09-30 08:57:34 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=de793de405f9e13d0d29d94de3f236ce0b5b3338

commit de793de405f9e13d0d29d94de3f236ce0b5b3338
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 08:56:23 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 08:57:27 +0000

    [ GLSA 202309-17 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/893660
    Bug: https://bugs.gentoo.org/904252
    Bug: https://bugs.gentoo.org/904394
    Bug: https://bugs.gentoo.org/904560
    Bug: https://bugs.gentoo.org/905297
    Bug: https://bugs.gentoo.org/905620
    Bug: https://bugs.gentoo.org/905883
    Bug: https://bugs.gentoo.org/906586
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-17.xml | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)