Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 906586 (CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-2023-2724, CVE-2023-2725, CVE-2023-2726)

Summary: <www-client/chromium-113.0.5672.126 <www-client/google-chrome-113.0.5672.126 <www-client/chromium-113.0.1774.50: Multiple vulnerabilities
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: chromium
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 906625, 909778    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 23:48:10 UTC 
This update includes 12 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$TBD][1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10

[$7000][1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14

[$3000][1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21

[$NA][1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14

[$TBD][1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04

[$1500][1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-05-16 23:48:21 UTC 
Tarball looks available.
Comment 2 Larry the Git Cow gentoo-dev 2023-05-17 15:36:35 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a53748bcb9f7e4d8fa07b3444e9cf052e4143d02

commit a53748bcb9f7e4d8fa07b3444e9cf052e4143d02
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2023-05-17 15:35:35 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-05-17 15:35:46 +0000

    www-client/chromium: add 113.0.5672.126
    
    Bug: https://bugs.gentoo.org/906586
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest                       |    1 +
 www-client/chromium/chromium-113.0.5672.126.ebuild | 1265 ++++++++++++++++++++
 2 files changed, 1266 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 00:04:54 UTC 
GLSA request filed.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 00:06:29 UTC 
Need to track down fixed versions for Edge too.
Comment 5 Larry the Git Cow gentoo-dev 2023-06-10 05:31:13 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab0da6660785c2f89a93ffda79f5ec7169378003

commit ab0da6660785c2f89a93ffda79f5ec7169378003
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-10 05:29:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-10 05:30:32 +0000

    www-client/chromium: drop 112.0.5615.165, 113.0.5672.63, 113.0.5672.92
    
    Bug: https://bugs.gentoo.org/906586
    Bug: https://bugs.gentoo.org/905620
    Bug: https://bugs.gentoo.org/904560
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                       |    4 -
 www-client/chromium/chromium-112.0.5615.165.ebuild | 1261 -------------------
 www-client/chromium/chromium-113.0.5672.63.ebuild  | 1265 --------------------
 www-client/chromium/chromium-113.0.5672.92.ebuild  | 1265 --------------------
 .../chromium/files/chromium-112-compiler.patch     |  256 ----
 .../files/chromium-112-gcc-mno-outline.patch       |   29 -
 .../chromium/files/chromium-112-libstdc++-1.patch  |   59 -
 .../chromium/files/chromium-112-libstdc++.patch    |   63 -
 .../chromium/files/chromium-112-sql-relax.patch    |   46 -
 .../chromium/files/chromium-112-swiftshader.patch  |  122 --
 10 files changed, 4370 deletions(-)
Comment 6 Larry the Git Cow gentoo-dev 2023-09-30 08:57:40 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=de793de405f9e13d0d29d94de3f236ce0b5b3338

commit de793de405f9e13d0d29d94de3f236ce0b5b3338
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 08:56:23 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 08:57:27 +0000

    [ GLSA 202309-17 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/893660
    Bug: https://bugs.gentoo.org/904252
    Bug: https://bugs.gentoo.org/904394
    Bug: https://bugs.gentoo.org/904560
    Bug: https://bugs.gentoo.org/905297
    Bug: https://bugs.gentoo.org/905620
    Bug: https://bugs.gentoo.org/905883
    Bug: https://bugs.gentoo.org/906586
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-17.xml | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)