See ${URL}. www-client/chrome bumped already.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d95b8b846b0f27a7f3b87115d4f9cde6cb96c248 commit d95b8b846b0f27a7f3b87115d4f9cde6cb96c248 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-05-11 20:37:10 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-05-11 20:37:34 +0000 www-client/chromium: stable channel bump to 90.0.4430.212 Bug: https://bugs.gentoo.org/789420 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-90.0.4430.212.ebuild | 926 ++++++++++++++++++++++ 2 files changed, 927 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c170d3fcdc133243867d1524c26043660e318e94 commit c170d3fcdc133243867d1524c26043660e318e94 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-05-12 17:00:34 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-05-12 17:00:47 +0000 www-client/chromium: arm64 stable, bug #789420 Bug: https://bugs.gentoo.org/789420 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/chromium-90.0.4430.212.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 done
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=138ad563f193087b93dc99d843b312fbbac560ac commit 138ad563f193087b93dc99d843b312fbbac560ac Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-05-12 18:18:14 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-05-12 18:18:14 +0000 www-client/chromium: security cleanup Bug: https://bugs.gentoo.org/789420 Package-Manager: Portage-3.0.18, Repoman-3.0.2 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 - www-client/chromium/chromium-90.0.4430.93.ebuild | 927 ----------------------- 2 files changed, 928 deletions(-)
Unable to check for sanity: > no match for package: www-client/chromium-90.0.4430.212
These vulnerabilities are now under active exploitation: https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html dev-qt/qtwebengine is a library version of chromium, and any bugs that affect www-client/chromium almost certainly affect dev-qt/qtwebengine. For example, bug #769989 required both dev-qt/qtwebengine and www-client/chromium be patched because of an incompatibility between glibc-2.33 and the chromium sandbox. That exact issue visibly manifested itself in www-client/falkon when used with an unpatched version of dev-qt/qtwebengine. It stands to reason that other security issues would also affect www-client/falkon and other dev-qt/qtwebengine consumers. At a glance, the latest version of dev-qt/qtwebengine in the tree is based on chromium 87, so the probability of it being vulnerable is high: https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-qt/qtwebengine/qtwebengine-5.15.2_p20210521.ebuild?id=154b6c93890d4ed1d8a72edbf1442325979efc14 I recommend that the dev-qt/qtwebengine maintainer and security team conduct an audit of the dev-qt/qtwebengine to confirm that it is affected by this and then take steps to remedy that. Otherwise, end users of things relying on dev-qt/qtwebengine will be vulnerable to exploitation. Lastly, it might also be worthwhile to review the potential for exploitation of this vulnerability in the electron software in the tree. Off the top of my head, that includes: net-im/discord-bin net-im/signal-desktop-bin There are probably others. Embedded chromium is in many places. :/
Disregard my comment about active exploitation. I posted this in the wrong bug. I wanted bug #795201. :/
Request filed
This issue was resolved and addressed in GLSA 202107-06 at https://security.gentoo.org/glsa/202107-06 by GLSA coordinator John Helmert III (ajak).
