[1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01 [1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 [1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24 [1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27 [1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08 [1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 [1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 [1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16 [1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 [1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06 [1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 [1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24 [1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05 [1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 [1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24 [1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a634979cfccf3a758b953f30df483d044396c2dd commit a634979cfccf3a758b953f30df483d044396c2dd Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2022-10-01 09:57:57 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2022-10-01 09:58:11 +0000 www-client/chromium: drop 105.0.5195.125 Bug: https://bugs.gentoo.org/873217 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 2 - www-client/chromium/chromium-105.0.5195.125.ebuild | 1186 -------------------- .../files/chromium-104-tflite-system-zlib.patch | 70 -- 3 files changed, 1258 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=dfce1d922a94358986e3eff8611ec64f6ed883e9 commit dfce1d922a94358986e3eff8611ec64f6ed883e9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:11:15 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:15 +0000 [ GLSA 202210-16 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/873217 Bug: https://bugs.gentoo.org/873817 Bug: https://bugs.gentoo.org/874855 Bug: https://bugs.gentoo.org/876855 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-16.xml | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+)
GLSA released, all done!
