Bug 847370 (CVE-2022-1853, CVE-2022-1854, CVE-2022-1855, CVE-2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860, CVE-2022-1861, CVE-2022-1862, CVE-2022-1863, CVE-2022-1864, CVE-2022-1865, CVE-2022-1866, CVE-2022-1867, CVE-2022-1868, CVE-2022-1869, CVE-2022-1870, CVE-2022-1871, CVE-2022-1872, CVE-2022-1873, CVE-2022-1874, CVE-2022-1875, CVE-2022-1876) - <www-client/chromium-102.0.5005.61 <www-client/google-chrome-102.0.5005.61: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-1853, CVE-2022-1854, CVE-2022-1855, CVE-2022-1856, CVE-2022-1857, CVE-2022-1858, CVE-2022-1859, CVE-2022-1860, CVE-2022-1861, CVE-2022-1862, CVE-2022-1863, CVE-2022-1864, CVE-2022-1865, CVE-2022-1866, CVE-2022-1867, CVE-2022-1868, CVE-2022-1869, CVE-2022-1870, CVE-2022-1871, CVE-2022-1872, CVE-2022-1873, CVE-2022-1874, CVE-2022-1875, CVE-2022-1876
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 847373
Blocks: CVE-2022-26905, CVE-2022-30127, CVE-2022-30128
Reported: 2022-05-25 06:43 UTC by Stephan Hartmann (RETIRED)
Modified: 2022-08-24 15:58 UTC (History)
Description Stephan Hartmann (RETIRED) gentoo-dev 2022-05-25 06:43:27 UTC
[1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12

[1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27

[1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13

[1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06

[1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11

[1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07

[1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05

[1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15

[1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16

[1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04

[1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01

[1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28

[1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20

[1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29

[1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum on 2022-04-12

[1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28

[1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23

[1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06

[1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21

[1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26

[1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11

[1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21

[1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15

[1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06
Comment 1 Larry the Git Cow gentoo-dev 2022-06-01 07:15:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e480102ac163eda791a2a7aaf6a07e51386c7f7

commit 0e480102ac163eda791a2a7aaf6a07e51386c7f7
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-06-01 07:13:59 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-06-01 07:14:55 +0000

    www-client/chromium: drop 101.0.4951.64
    
    Bug: https://bugs.gentoo.org/847370
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |    2 -
 www-client/chromium/chromium-101.0.4951.64.ebuild | 1024 ---------------------
 2 files changed, 1026 deletions(-)
Comment 2 Larry the Git Cow gentoo-dev 2022-06-10 12:11:05 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=763f52ae930654e59f622635dcdd3376b9dd9db7

commit 763f52ae930654e59f622635dcdd3376b9dd9db7
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-06-10 12:09:36 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-06-10 12:10:35 +0000

    www-client/google-chrome: automated update (102.0.5005.115)
    
    Bug: https://bugs.gentoo.org/847370
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/google-chrome/Manifest                                       | 2 +-
 ...-chrome-102.0.5005.61.ebuild => google-chrome-102.0.5005.115.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 3 Stephan Hartmann (RETIRED) gentoo-dev 2022-06-10 12:17:09 UTC
Wrong bug sorry ;)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 04:58:56 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-08-14 14:34:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5

commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 14:29:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-14 14:33:57 +0000

    [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/773040
    Bug: https://bugs.gentoo.org/787950
    Bug: https://bugs.gentoo.org/800181
    Bug: https://bugs.gentoo.org/810781
    Bug: https://bugs.gentoo.org/815397
    Bug: https://bugs.gentoo.org/828519
    Bug: https://bugs.gentoo.org/829161
    Bug: https://bugs.gentoo.org/834477
    Bug: https://bugs.gentoo.org/835397
    Bug: https://bugs.gentoo.org/835761
    Bug: https://bugs.gentoo.org/836011
    Bug: https://bugs.gentoo.org/836381
    Bug: https://bugs.gentoo.org/836777
    Bug: https://bugs.gentoo.org/836830
    Bug: https://bugs.gentoo.org/837497
    Bug: https://bugs.gentoo.org/838049
    Bug: https://bugs.gentoo.org/838433
    Bug: https://bugs.gentoo.org/838682
    Bug: https://bugs.gentoo.org/841371
    Bug: https://bugs.gentoo.org/843035
    Bug: https://bugs.gentoo.org/843728
    Bug: https://bugs.gentoo.org/847370
    Bug: https://bugs.gentoo.org/847613
    Bug: https://bugs.gentoo.org/848864
    Bug: https://bugs.gentoo.org/851003
    Bug: https://bugs.gentoo.org/851009
    Bug: https://bugs.gentoo.org/853229
    Bug: https://bugs.gentoo.org/853643
    Bug: https://bugs.gentoo.org/854372
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 284 insertions(+)
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 14:37:44 UTC
GLSA done, all done.