From https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html: [$7000][1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 [$6000][1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30 [$1500][1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07 [$TBD][1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22 [$3000][1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b32df5d20c6bab3c3a2ff4bd21c1df05215997e commit 4b32df5d20c6bab3c3a2ff4bd21c1df05215997e Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-15 03:18:03 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-15 03:43:25 +0000 www-client/chromium: add 108.0.5359.124 Bug: https://bugs.gentoo.org/885851 Signed-off-by: Sam James <sam@gentoo.org> www-client/chromium/Manifest | 1 + www-client/chromium/chromium-108.0.5359.124.ebuild | 1229 ++++++++++++++++++++ 2 files changed, 1230 insertions(+)
Still waiting on a fixed Edge, right?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d946ab0370444ee110abb191ee2eaec3e734b594 commit d946ab0370444ee110abb191ee2eaec3e734b594 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2022-12-17 19:31:37 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2022-12-17 19:31:51 +0000 www-client/chromium: drop 108.0.5359.98 Bug: https://bugs.gentoo.org/885851 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 1 - www-client/chromium/chromium-108.0.5359.98.ebuild | 1229 --------------------- 2 files changed, 1230 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3df173efb2982a5d08d6bff00cd84eb619e793cd commit 3df173efb2982a5d08d6bff00cd84eb619e793cd Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:53:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:22 +0000 [ GLSA 202305-10 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/876855 Bug: https://bugs.gentoo.org/878825 Bug: https://bugs.gentoo.org/883031 Bug: https://bugs.gentoo.org/883697 Bug: https://bugs.gentoo.org/885851 Bug: https://bugs.gentoo.org/886479 Bug: https://bugs.gentoo.org/890726 Bug: https://bugs.gentoo.org/890728 Bug: https://bugs.gentoo.org/891501 Bug: https://bugs.gentoo.org/891503 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-10.xml | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)
