Bug 953069 (CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074)

Summary:	<www-client/chromium-135.0.7049.52, <www-client/google-chrome-135.0.7049.52, <www-client/microsoft-edge-135.0.3179.73, <www-client/opera-120.0.5543.8: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Matt Jolly <kangie>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal	CC:	chromium, kangie
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	953070
Bug Blocks:

Description Matt Jolly gentoo-dev

2025-04-03 02:23:07 UTC

The Chrome team is delighted to announce the promotion of Chrome 135 to the stable channel for Windows, Mac and Linux.

[TBD][405140652] High CVE-2025-3066: Use after free in Navigations. Reported by Sven Dysthe (@svn-dys) on 2025-03-21

[$10000][376491759] Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31

[$2000][401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09

[$1000][40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26

[$1000][40086360] Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01

[$2000][40051596] Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23

[$1000][362545037] Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27

[$500][388680893] Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09

[$500][392818696] Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28

Comment 1 Larry the Git Cow gentoo-dev

2025-04-03 02:26:38 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d5472a8a3459a38ce708bb5d915e4a4e99dc8ac9

commit d5472a8a3459a38ce708bb5d915e4a4e99dc8ac9
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2025-04-03 01:38:51 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2025-04-03 02:26:21 +0000

    www-client/chromium: add 135.0.7049.52
    
    Bug: https://bugs.gentoo.org/953069
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/chromium/Manifest                      |    2 +
 www-client/chromium/chromium-135.0.7049.52.ebuild | 1534 +++++++++++++++++++++
 2 files changed, 1536 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev

2025-04-03 03:56:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16cbb1702ca32b446d47aa8f86c4dcfc616b124e

commit 16cbb1702ca32b446d47aa8f86c4dcfc616b124e
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2025-04-03 02:28:41 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2025-04-03 03:54:37 +0000

    www-client/google-chrome: automated update (135.0.7049.52)
    
    Bug: https://bugs.gentoo.org/953069
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-134.0.6998.165.ebuild => google-chrome-135.0.7049.52.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

Comment 3 Matt Jolly gentoo-dev

2025-06-11 12:27:06 UTC

Microsoft Edge CVE fix versions:
  135.0.3179.54: CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074
  135.0.3179.73: CVE-2025-3066

Comment 4 Matt Jolly gentoo-dev

2025-06-11 14:49:03 UTC

Opera CVE fix versions (based on Chromium version mapping):
  120.0.5543.8: CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074