https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 4 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$TBD][1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01
[$7500][1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16
[$3000][1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19
Working on Chromium. google-chrome done.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f192ebd258a3d865c570094a386712e3a09d662
commit 1f192ebd258a3d865c570094a386712e3a09d662
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-07-15 04:50:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-15 04:53:45 +0000
    www-client/chromium: add 103.0.5060.114
    Bug: https://bugs.gentoo.org/858104
    Closes: https://bugs.gentoo.org/854981
    Signed-off-by: Sam James <sam@gentoo.org>
 www-client/chromium/Manifest | 1 +
 www-client/chromium/chromium-103.0.5060.114.ebuild | 1114 ++++++++++++++++++++
 2 files changed, 1115 insertions(+)
Seeing the concerns in our forums, a question: is chromium-bin's "build recipe" public so anyone could bump it while the maintainer is away? (Also this security bug should probably extend to chromium-bin too)
Good point, thanks!
(In reply to Joonas Niilola from comment #3)
> Seeing the concerns in our forums, a question: is chromium-bin's "build
> recipe" public so anyone could bump it while the maintainer is away?
>
> (Also this security bug should probably extend to chromium-bin too)
AFAIK no, but if someone finds it/is aware, do share. The various binary browsers however *do* have scripts in https://gitweb.gentoo.org/proj/chromium-tools.git/.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ed5d19dabaccd4243802aa0da959784f6c5627e
commit 7ed5d19dabaccd4243802aa0da959784f6c5627e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-07-20 03:56:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-07-20 03:56:55 +0000
    www-client/chromium: drop 103.0.5060.53
    Bug: https://bugs.gentoo.org/858104
    Signed-off-by: Sam James <sam@gentoo.org>
 www-client/chromium/Manifest | 1 -
 www-client/chromium/chromium-103.0.5060.53.ebuild | 1114 ---------------------
 2 files changed, 1115 deletions(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=cc821fda3ee186d2bcc82c6163599beb50f2302d
commit cc821fda3ee186d2bcc82c6163599beb50f2302d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 06:11:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-08-21 06:12:55 +0000
    [ GLSA 202208-35 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    Bug: https://bugs.gentoo.org/858104
    Bug: https://bugs.gentoo.org/859442
    Bug: https://bugs.gentoo.org/863512
    Bug: https://bugs.gentoo.org/864723
    Bug: https://bugs.gentoo.org/865501
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>
 glsa-202208-35.xml | 126 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 126 insertions(+)
GLSA done, all done.