Bug 768831 (CVE-2021-21148) - <www-client/chromium-88.0.4324.150 <www-client/google-chrome-88.0.4324.150: Heap buffer overflow (CVE-2021-21148)
Status: RESOLVED FIXED
Alias: CVE-2021-21148
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+ cve]
Reported: 2021-02-05 08:59 UTC by Ian Kumlien
Modified: 2021-05-01 00:02 UTC
Description Ian Kumlien 2021-02-05 08:59:29 UTC
Chrome was bumped due to a heap overflow in JavaScript - it's being exploited in the wild.

https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2021-02-06 20:36:16 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3c1f81ab92ab5a316e96fed45505250f00c89135

commit 3c1f81ab92ab5a316e96fed45505250f00c89135
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-02-06 20:34:28 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-02-06 20:36:11 +0000

    www-client/chromium: stable channel bump to 88.0.4324.150
    
    Bug: https://bugs.gentoo.org/768459
    Bug: https://bugs.gentoo.org/768831
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |   1 +
 www-client/chromium/chromium-88.0.4324.150.ebuild | 901 ++++++++++++++++++++++
 2 files changed, 902 insertions(+)
Comment 2 Stephan Hartmann gentoo-dev 2021-02-07 11:03:30 UTC
arm64 done
Comment 3 Stephan Hartmann gentoo-dev 2021-02-07 11:04:41 UTC
amd64 done
Comment 4 Larry the Git Cow gentoo-dev 2021-02-07 11:05:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63c7cdd86f01eff47666454fecc1ffb300118342

commit 63c7cdd86f01eff47666454fecc1ffb300118342
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2021-02-07 11:05:26 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2021-02-07 11:05:26 +0000

    www-client/chromium: security cleanup
    
    Bug: https://bugs.gentoo.org/768459
    Bug: https://bugs.gentoo.org/768831
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                     |   1 -
 www-client/chromium/chromium-88.0.4324.96.ebuild | 901 -----------------------
 2 files changed, 902 deletions(-)
Comment 5 Maciej S. Szmigiero 2021-02-07 12:49:47 UTC
What about the Beta channel though?

www-client/chromium-89.0.4389.23 is the latest version in the tree but 89.0.4389.40 was released a day before 88.0.4324.150 that fixed this vulnerability in the Stable channel.

That makes me wonder whether a Beta channel bump to 89.0.4389.40 is needed for this bug, too.
Comment 6 Stephan Hartmann gentoo-dev 2021-02-07 13:14:15 UTC
(In reply to Maciej S. Szmigiero from comment #5)
> What about the Beta channel though?
> 
> www-client/chromium-89.0.4389.23 is the latest version in the tree but
> 89.0.4389.40 was released a day before 88.0.4324.150 that fixed this
> vulnerability in the Stable channel.
> 
> That makes me wonder whether a Beta channel bump to 89.0.4389.40 is needed
> for this bug, too.

Beta and Dev channels are not covered by Gentoo Security. Also, Google does not publish any information regarding vulnerabilities for those. So we can only guess that 89.0.4389.40 is fixed too. I'm preparing a bump for the beta channel at the moment. Should hit the tree in a few hours.
Comment 7 Thomas Deutschmann gentoo-dev Security 2021-04-30 22:55:46 UTC
Added to an existing GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-05-01 00:02:16 UTC
This issue was resolved and addressed in
 GLSA 202104-08 at https://security.gentoo.org/glsa/202104-08
by GLSA coordinator Thomas Deutschmann (whissi).