868354 – (CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3071) <www-client/chromium-105.0.5195.52 <www-client/chromium-bin-105.0.5195.125 <www-client/google-chrome-105.0.5195.52: Multiple vulnerabilities

Bug 868354 (CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3071) - <www-client/chromium-105.0.5195.52 <www-client/chromium-bin-105.0.5195.125 <www-client/google-chrome-105.0.5195.52: Multiple vulnerabilities

Summary: <www-client/chromium-105.0.5195.52 <www-client/chromium-bin-105.0.5195.125 <w...

Status:	RESOLVED FIXED

Alias:	CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3071

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:	CVE-2022-3075 868351
Blocks:
	Show dependency tree

Reported:	2022-09-04 04:50 UTC by Sam James
Modified:	2022-09-29 14:53 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2022-09-04 04:50:52 UTC

See https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html.

[$NA][1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28

[$10000][1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11

[$9000][1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03

[$7500][1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20

[$5000][1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22

[$3000][1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16

[$NA][1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12

[$TBD][1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis <info@bnoordhuis.nl> on 2022-06-26

[$TBD][1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21

[$3000][1333995] High CVE-2022-3071: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-06-06

[$7000][1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07

[$5000][1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06

[$3000][1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17

[$3000][1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17

[$2000][1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18

[$2000][1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21

[$TBD][1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08

[$TBD][1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24

[$TBD][1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11

[$3000][1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26

[$2000][1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16

[$1000][1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20

Comment 1 Larry the Git Cow gentoo-dev

2022-09-22 18:17:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b405ff8995606331c646596b7c7d7850fccead51

commit b405ff8995606331c646596b7c7d7850fccead51
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-09-22 18:17:04 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-09-22 18:17:04 +0000

    www-client/chromium: drop 104.0.5112.101
    
    Bug: https://bugs.gentoo.org/868354
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                       |    2 -
 www-client/chromium/chromium-104.0.5112.101.ebuild | 1194 --------------------
 .../chromium-104-swiftshader-no-wayland.patch      |   52 -
 .../chromium/files/chromium-104-v8-neon.patch      |   72 --
 4 files changed, 1320 deletions(-)

Comment 2 John Helmert III archtester

2022-09-26 13:48:29 UTC

GLSA request filed

Comment 3 Larry the Git Cow gentoo-dev

2022-09-29 14:48:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=31ae708a90dd2ca9e628226aec8c4362dffb1794

commit 31ae708a90dd2ca9e628226aec8c4362dffb1794
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-29 14:24:25 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-29 14:48:01 +0000

    [ GLSA 202209-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/868156
    Bug: https://bugs.gentoo.org/868354
    Bug: https://bugs.gentoo.org/870142
    Bug: https://bugs.gentoo.org/872407
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-23.xml | 112 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 112 insertions(+)

Comment 4 John Helmert III archtester

2022-09-29 14:53:25 UTC

GLSA released, all done!