Bug 866332 - <dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...
Summary: <dev-qt/qtwebengine-5.15.7_p20221122: Multiple vulnerabilities...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A2 [glsa?]
Depends on: qt-5.15.7-stable
Blocks: CVE-2022-2294 888181
Reported: 2022-08-24 15:58 UTC by Andreas Sturmlechner
Modified: 2022-12-24 16:33 UTC
Description Andreas Sturmlechner gentoo-dev 2022-08-24 15:58:50 UTC
Update Chromium 5.15
Submodule src/3rdparty 7e11d69b..be349eaf:
  * [Backport] Security bug 1343889
  * [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch
  * [Backport] CVE-2022-2477 : Use after free in Guest View
  * [Backport] CVE-2022-27406
  * [Backport] CVE-2022-27405 (2/2)
  * [Backport] CVE-2022-27405 (1/2)
  * [Backport] CVE-2022-27404
  * [Backport] Security bug 1287804
  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (2/2)
  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC (1/2)
  * [Backport] CVE-2022-2295: Type Confusion in V8
  * [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools
  * [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API
  * [Backport] CVE-2022-2158: Type Confusion in V8
  * [Backport] Security bug 1316578
  * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
  * [Backport] CVE-2022-2010: Out of bounds read in compositing
  * [Backport] CVE-2022-1854: Use after free in ANGLE.
  * [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API
  * [Backport] CVE-2022-1855: Use after free in Messaging
  * FIXUP: Fix url_utils for QtWebEngine
Comment 1 Andreas Sturmlechner gentoo-dev 2022-08-24 16:04:08 UTC
There is also CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 (bug 840224) but the ebuild depends on media-libs/freetype so I assume it is using system-freetype.
Comment 2 Morteza 2022-10-06 22:14:56 UTC
Any progress on these CVEs?
Comment 3 Larry the Git Cow gentoo-dev 2022-11-29 20:51:36 UTC
The bug has been referenced in the following commit(s):

commit b29d1aa9e776bef58cf639b10bdbe4d21a236d7c
Author:     Andreas Sturmlechner <>
AuthorDate: 2022-11-29 19:32:46 +0000
Commit:     Andreas Sturmlechner <>
CommitDate: 2022-11-29 20:50:29 +0000

    dev-qt/qtwebengine: add 5.15.7_p20221122
    Snapshotted at:
    Branch: 5.15
    Commit: 5d89f26414471689a9626515d098104e38bacbda
    Submodule qtwebengine-chromium.git:
    Branch: 87-based
    Commit: 20f20a41961ae1f63cf04a02f743cd2d9892a3b0
    Patched with security patches up to Chromium version: 98.0.4758.102
    Signed-off-by: Andreas Sturmlechner <>

 dev-qt/qtwebengine/Manifest                        |   1 +
 .../qtwebengine-5.15.7_p20221122.ebuild            | 282 +++++++++++++++++++++
 2 files changed, 283 insertions(+)
Comment 4 Andreas Sturmlechner gentoo-dev 2022-11-29 21:24:04 UTC
[Backport] Security bug 1378916 87-based
Fixup the patch for CVE-2022-3200 on 87-based / 5.15
[Backport] CVE-2022-3200: Heap buffer overflow in Internals
[Backport] CVE-2022-3887: Use after free in Web Workers
[Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
[Backport] CVE-2022-3889: Type Confusion in V8
[Backport] CVE-2022-3885: Use after free in V8
[Backport] CVE-2022-3445: Use after free in Skia.
[Backport] CVE-2022-3373: Out of bounds write in V8
Fix building with XCode 14.1
[Backport] CVE-2022-3046: Use after free in Browser Tag
[Backport] CVE-2022-3446 and CVE-2022-35737
[Backport] CVE-2022-3304: Use after free in CSS
[Backport] CVE-2022-3201: Insufficient validation of untrusted input in Devel...
[Backport] Security bug 1356308
[Backport] CVE-2022-3370: Use after free in Custom Elements
[Backport] Security bugs 1346938 and 1338114
[Backport] CVE-2022-3199: Use after free in Frames.
[Backport] CVE-2022-3198: Use after free in PDF
[Backport] CVE-2022-3197: Use after free in PDF
[Backport] CVE-2022-3196: Use after free in PDF
[Backport] CVE-2022-3075: Insufficient data validation in Mojo
[Backport] CVE-2022-3040: Use after free in Layout
[Backport] CVE-2022-3041: Use after free in WebSQL
[Backport] CVE-2022-3038: Use after free in Network Service
Comment 5 Larry the Git Cow gentoo-dev 2022-12-06 17:07:00 UTC
The bug has been referenced in the following commit(s):

commit acd584359ad952899442a4d7a0187df45e33fc7c
Author:     Andreas Sturmlechner <>
AuthorDate: 2022-12-05 20:09:19 +0000
Commit:     Andreas Sturmlechner <>
CommitDate: 2022-12-06 17:05:58 +0000

    dev-qt/qtwebengine: cleanup vulnerable 5.15.5_p20220618
    Signed-off-by: Andreas Sturmlechner <>

 dev-qt/qtwebengine/Manifest                        |   1 -
 .../qtwebengine-5.15.5_p20220618.ebuild            | 283 ---------------------
 2 files changed, 284 deletions(-)