Bug 910522 (CVE-2023-3727, CVE-2023-3728, CVE-2023-3730, CVE-2023-3732, CVE-2023-3733, CVE-2023-3734, CVE-2023-3735, CVE-2023-3736, CVE-2023-3737, CVE-2023-3738, CVE-2023-3740)

Summary:	<www-client/chromium-115.0.5790.98, <www-client/google-chrome-115.0.5790.98 <www-client/microsoft-edge-115.0.1901.188: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	ajak, chromium, kangie
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html
Whiteboard:	A2 [glsa+]
Package list:		Runtime testing required:	---
Bug Depends on:	910563
Bug Blocks:

Description Sam James archtester

2023-07-18 22:46:36 UTC

[$7000][1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12

[$7000][1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23

[$2000][1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09

[$NA][1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02

[$5000][1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31

[$5000][1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01

[$2000][1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29

[$2000][1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19

[$2000][1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)  on 2023-05-19

[$1000][1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18

[$1000][1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06

Comment 1 Sam James archtester

2023-07-18 22:47:36 UTC

115.0.5790.98 has been promoted from beta->stable channel.

Please update the subslot in the ebuild, then stable (later?) when ready.

Comment 2 Larry the Git Cow gentoo-dev

2023-07-19 20:41:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6498096f6532c3de0c3455ac2346af50cd29b78b

commit 6498096f6532c3de0c3455ac2346af50cd29b78b
Author:     Matt Jolly <Matt.Jolly@footclan.ninja>
AuthorDate: 2023-07-19 15:23:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-19 20:41:07 +0000

    www-client/chromium: 115.0.5790.98 slot as stable
    
    - update HOMEPAGE
    - add 115 ppc patches
    
    Bug: https://bugs.gentoo.org/910522
    Signed-off-by: Matt Jolly <Matt.Jolly@footclan.ninja>
    Closes: https://github.com/gentoo/gentoo/pull/31958
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest                      | 1 +
 www-client/chromium/chromium-115.0.5790.98.ebuild | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

Comment 3 Larry the Git Cow gentoo-dev

2023-08-03 18:31:57 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d47c4cddd04cb8291036653bc1be540414978d31

commit d47c4cddd04cb8291036653bc1be540414978d31
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2023-08-03 18:28:18 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2023-08-03 18:31:34 +0000

    www-client/chromium: drop 114.0.5735.198
    
    Bug: https://bugs.gentoo.org/910522
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    3 -
 www-client/chromium/chromium-114.0.5735.198.ebuild | 1270 --------------------
 .../files/chromium-109-system-openh264.patch       |   20 -
 ...ium-113-gcc-13-0001-vulkanmemoryallocator.patch |   10 -
 .../files/chromium-113-swiftshader-cstdint.patch   |   40 -
 .../chromium/files/chromium-114-compiler.patch     |  171 ---
 .../chromium/files/chromium-114-iwyu-gcc-13.patch  |   75 --
 .../chromium/files/chromium-114-sigsegv-dom.patch  |   73 --
 8 files changed, 1662 deletions(-)

Comment 4 Larry the Git Cow gentoo-dev

2024-01-31 15:40:04 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=8064a0b694d29fb2fca491d65494098fb43c2ffa

commit 8064a0b694d29fb2fca491d65494098fb43c2ffa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 15:39:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 15:39:35 +0000

    [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907999
    Bug: https://bugs.gentoo.org/908471
    Bug: https://bugs.gentoo.org/909283
    Bug: https://bugs.gentoo.org/910522
    Bug: https://bugs.gentoo.org/911675
    Bug: https://bugs.gentoo.org/912364
    Bug: https://bugs.gentoo.org/913016
    Bug: https://bugs.gentoo.org/913710
    Bug: https://bugs.gentoo.org/914350
    Bug: https://bugs.gentoo.org/914871
    Bug: https://bugs.gentoo.org/915137
    Bug: https://bugs.gentoo.org/915560
    Bug: https://bugs.gentoo.org/915961
    Bug: https://bugs.gentoo.org/916252
    Bug: https://bugs.gentoo.org/916620
    Bug: https://bugs.gentoo.org/917021
    Bug: https://bugs.gentoo.org/917357
    Bug: https://bugs.gentoo.org/918882
    Bug: https://bugs.gentoo.org/919321
    Bug: https://bugs.gentoo.org/919802
    Bug: https://bugs.gentoo.org/920442
    Bug: https://bugs.gentoo.org/921337
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-34.xml | 229 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 229 insertions(+)