Fixed upstream in 95.0.4638.69. ``` $10000][1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14 [$7500][1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13 [$1000][1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21 [$N/A][1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15 [$N/A][1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by Kunlun Lab via Tianfu Cup on 2021-10-16 [$N/A][1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, 漏洞研究院青训队 via Tianfu Cup on 2021-10-16 [$TBD][1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26 Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild. ```
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8c3c87d4f05b25154de77577778d23636696780 commit d8c3c87d4f05b25154de77577778d23636696780 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-10-29 13:42:22 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-10-29 13:42:57 +0000 www-client/google-chrome: automated update (95.0.4638.69) Bug: https://bugs.gentoo.org/820689 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/google-chrome/Manifest | 2 +- ...gle-chrome-95.0.4638.54.ebuild => google-chrome-95.0.4638.69.ebuild} | 0 2 files changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61ba25145e2693ec3da97b6fe059de0f6d92dc69 commit 61ba25145e2693ec3da97b6fe059de0f6d92dc69 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-10-30 17:41:04 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-10-30 17:41:34 +0000 www-client/chromium: stable channel bump to 95.0.4638.69 Bug: https://bugs.gentoo.org/819771 Bug: https://bugs.gentoo.org/820689 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-95.0.4638.69.ebuild | 953 +++++++++++++++++++++++ 2 files changed, 954 insertions(+)
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6831c0d501d70933f91ddbbefad0fda5e1c59386 commit 6831c0d501d70933f91ddbbefad0fda5e1c59386 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2021-10-31 08:22:28 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2021-10-31 08:22:54 +0000 www-client/chromium: security cleanup Bug: https://bugs.gentoo.org/820689 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 - www-client/chromium/chromium-95.0.4638.54.ebuild | 954 ----------------------- 2 files changed, 955 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a5cb3b8ed2294fbfe4dfaf3e992220585c749f25 commit a5cb3b8ed2294fbfe4dfaf3e992220585c749f25 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-01-31 05:00:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-01-31 05:00:26 +0000 [ GLSA 202201-02 ] Chromium, Google Chrome: Multiple vulnerabilities Bug: https://bugs.gentoo.org/803167 Bug: https://bugs.gentoo.org/806223 Bug: https://bugs.gentoo.org/808715 Bug: https://bugs.gentoo.org/811348 Bug: https://bugs.gentoo.org/813035 Bug: https://bugs.gentoo.org/814221 Bug: https://bugs.gentoo.org/814617 Bug: https://bugs.gentoo.org/815673 Bug: https://bugs.gentoo.org/816984 Bug: https://bugs.gentoo.org/819054 Bug: https://bugs.gentoo.org/820689 Bug: https://bugs.gentoo.org/824274 Bug: https://bugs.gentoo.org/829190 Bug: https://bugs.gentoo.org/830642 Bug: https://bugs.gentoo.org/831624 Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202201-02.xml | 257 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 257 insertions(+)
All done! \o/