Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 873817 (CVE-2022-3370, CVE-2022-3373) - <www-client/chromium-106.0.5249.91 <www-client/chromium-bin-106.0.5249.91 <www-client/google-chrome-106.0.5249.91 <www-client/microsoft-edge-106.0.1370.37: Multiple vulnerabilities
Summary: <www-client/chromium-106.0.5249.91 <www-client/chromium-bin-106.0.5249.91 <ww...
Status: RESOLVED FIXED
Alias: CVE-2022-3370, CVE-2022-3373
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://chromereleases.googleblog.com...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 873820 875644
Blocks:
  Show dependency tree
 
Reported: 2022-10-01 10:02 UTC by Stephan Hartmann (RETIRED)
Modified: 2022-11-29 21:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hartmann (RETIRED) gentoo-dev 2022-10-01 10:02:59 UTC 
[1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22

[1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-09 16:47:09 UTC 
Still waiting on Edge, I guess?
Comment 2 Larry the Git Cow gentoo-dev 2022-10-09 16:52:44 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e8098ff475a9a3db44bf6f5d659ea97784f3deb

commit 1e8098ff475a9a3db44bf6f5d659ea97784f3deb
Author:     Stephan Hartmann <sultan@gentoo.org>
AuthorDate: 2022-10-09 16:51:43 +0000
Commit:     Stephan Hartmann <sultan@gentoo.org>
CommitDate: 2022-10-09 16:51:50 +0000

    www-client/chromium: drop 106.0.5249.61, 106.0.5249.91
    
    Bug: https://bugs.gentoo.org/873817
    Signed-off-by: Stephan Hartmann <sultan@gentoo.org>

 www-client/chromium/Manifest                      |    2 -
 www-client/chromium/chromium-106.0.5249.61.ebuild | 1189 ---------------------
 www-client/chromium/chromium-106.0.5249.91.ebuild | 1189 ---------------------
 3 files changed, 2380 deletions(-)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 16:06:24 UTC 
GLSA request filed
Comment 4 Larry the Git Cow gentoo-dev 2022-10-31 01:42:34 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=dfce1d922a94358986e3eff8611ec64f6ed883e9

commit dfce1d922a94358986e3eff8611ec64f6ed883e9
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:11:15 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:15 +0000

    [ GLSA 202210-16 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/873217
    Bug: https://bugs.gentoo.org/873817
    Bug: https://bugs.gentoo.org/874855
    Bug: https://bugs.gentoo.org/876855
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-16.xml | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-31 02:18:54 UTC 
GLSA released, all done!