[1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 [1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26 [1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22 [1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13 [1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17 [1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30
For Edge, as of the 11th, "Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix." https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-11-2022 So still blocked here on Edge I guess. Hopefully they'll release soon.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=dfce1d922a94358986e3eff8611ec64f6ed883e9 commit dfce1d922a94358986e3eff8611ec64f6ed883e9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:11:15 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:15 +0000 [ GLSA 202210-16 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/873217 Bug: https://bugs.gentoo.org/873817 Bug: https://bugs.gentoo.org/874855 Bug: https://bugs.gentoo.org/876855 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-16.xml | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+)
@Stephan Hartmann: Are we going to see a release for chromium-bin that addresses all the latest known CVEs?
(In reply to devsk from comment #3) > @Stephan Hartmann: Are we going to see a release for chromium-bin that > addresses all the latest known CVEs? The summary indicates that the fixed versions for Chrome, Chromium, and chromium-bin are 106.0.5249.119. Thus, all of these packages is fixed in tree. What do you mean?
Stephan, The current recommended version for Linux is 107.0.5304.121 as per https://amp-thehackernews-com.cdn.ampproject.org/c/s/amp.thehackernews.com/thn/2022/11/update-chrome-browser-now-to-patch-new.html I think there are more 0-day CVEs which need to be addressed than this bug is listing.
(In reply to devsk from comment #5) > Stephan, The current recommended version for Linux is 107.0.5304.121 as per > https://amp-thehackernews-com.cdn.ampproject.org/c/s/amp.thehackernews.com/ > thn/2022/11/update-chrome-browser-now-to-patch-new.html > > I think there are more 0-day CVEs which need to be addressed than this bug > is listing. I'm not clicking the Google AMP link, but that version is wrong (or at least outdated) even though that apparently posted today. We need a bump to 108.0.5359.71 according to bug 883697.
The point is that both of these versions: /usr/portage/www-client/chromium-bin/: total 32 -rw-r--r-- 1 root root 480 May 25 2022 metadata.xml -rw-r--r-- 1 root root 7288 Oct 15 20:10 chromium-bin-107.0.5304.29-r1.ebuild -rw-r--r-- 1 root root 7244 Oct 15 20:10 chromium-bin-106.0.5249.119.ebuild have several 0-day CVEs. We should move quickly.
(In reply to devsk from comment #7) > The point is that both of these versions: > > /usr/portage/www-client/chromium-bin/: > total 32 > -rw-r--r-- 1 root root 480 May 25 2022 metadata.xml > -rw-r--r-- 1 root root 7288 Oct 15 20:10 > chromium-bin-107.0.5304.29-r1.ebuild > -rw-r--r-- 1 root root 7244 Oct 15 20:10 chromium-bin-106.0.5249.119.ebuild > > have several 0-day CVEs. We should move quickly. Patches welcome. The scripts that generate chromium-bin binaries are in chromiumm-tools.git.
(In reply to John Helmert III from comment #8) > (In reply to devsk from comment #7) > > The point is that both of these versions: > > > > /usr/portage/www-client/chromium-bin/: > > total 32 > > -rw-r--r-- 1 root root 480 May 25 2022 metadata.xml > > -rw-r--r-- 1 root root 7288 Oct 15 20:10 > > chromium-bin-107.0.5304.29-r1.ebuild > > -rw-r--r-- 1 root root 7244 Oct 15 20:10 chromium-bin-106.0.5249.119.ebuild > > > > have several 0-day CVEs. We should move quickly. > > Patches welcome. The scripts that generate chromium-bin binaries are in > chromiumm-tools.git. These are binary builds hosted by Stephan, right? Is he no longer maintaining these? Are you asking me if I want to build and host binaries for these?
Due to being hard to effectively track, lets drop Edge here. It's seen many releases which "incorporate the latest Security Updates of the Chromium project" since this bug was opened. GLSA request filed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3df173efb2982a5d08d6bff00cd84eb619e793cd commit 3df173efb2982a5d08d6bff00cd84eb619e793cd Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:53:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:22 +0000 [ GLSA 202305-10 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/876855 Bug: https://bugs.gentoo.org/878825 Bug: https://bugs.gentoo.org/883031 Bug: https://bugs.gentoo.org/883697 Bug: https://bugs.gentoo.org/885851 Bug: https://bugs.gentoo.org/886479 Bug: https://bugs.gentoo.org/890726 Bug: https://bugs.gentoo.org/890728 Bug: https://bugs.gentoo.org/891501 Bug: https://bugs.gentoo.org/891503 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-10.xml | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)