[1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30 [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05 [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17 [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17 [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18 [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26 [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10 [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24 [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18 [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf7fc6e838f669c503dd127107a8e9f85ca2f951 commit bf7fc6e838f669c503dd127107a8e9f85ca2f951 Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2023-01-14 08:36:30 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2023-01-14 08:37:55 +0000 www-client/chromium: promote M109 to stable Closes: https://bugs.gentoo.org/890064 Bug: https://bugs.gentoo.org/884419 Bug: https://bugs.gentoo.org/890726 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 2 +- ....74.ebuild => chromium-109.0.5414.74-r1.ebuild} | 18 +++---- .../chromium/files/chromium-109-system-icu.patch | 58 ++++++++++++++++++++++ 3 files changed, 67 insertions(+), 11 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd67ac969c0a0f780e495496ca476c40495af7dc commit dd67ac969c0a0f780e495496ca476c40495af7dc Author: Stephan Hartmann <sultan@gentoo.org> AuthorDate: 2023-01-18 17:28:58 +0000 Commit: Stephan Hartmann <sultan@gentoo.org> CommitDate: 2023-01-18 17:29:05 +0000 www-client/chromium: drop 108.0.5359.124 Bug: https://bugs.gentoo.org/890726 Signed-off-by: Stephan Hartmann <sultan@gentoo.org> www-client/chromium/Manifest | 3 - www-client/chromium/chromium-108.0.5359.124.ebuild | 1242 -------------------- .../chromium/files/chromium-107-system-zlib.patch | 10 - .../chromium-108-DocumentLoader-private.patch | 36 - ...8-revert-GlobalMediaControlsCastStartStop.patch | 35 - 5 files changed, 1326 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3df173efb2982a5d08d6bff00cd84eb619e793cd commit 3df173efb2982a5d08d6bff00cd84eb619e793cd Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-03 09:53:05 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-03 09:54:22 +0000 [ GLSA 202305-10 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/876855 Bug: https://bugs.gentoo.org/878825 Bug: https://bugs.gentoo.org/883031 Bug: https://bugs.gentoo.org/883697 Bug: https://bugs.gentoo.org/885851 Bug: https://bugs.gentoo.org/886479 Bug: https://bugs.gentoo.org/890726 Bug: https://bugs.gentoo.org/890728 Bug: https://bugs.gentoo.org/891501 Bug: https://bugs.gentoo.org/891503 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202305-10.xml | 143 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+)