https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

Google is aware that an exploit for CVE-2023-2136 exists in the wild.

[$8000][1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API.
[$8000][1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API.
[$3000][1424337] High CVE-2023-2135: Use after free in DevTools.
[$NA][1432603] High CVE-2023-2136: Integer overflow in Skia.
[$1000][1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite.
fwiw we use < ... in the summary when there's a fixed version in tree
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b80bfab7c8aba8c3a358b2fa87a1e00e335376d3

commit b80bfab7c8aba8c3a358b2fa87a1e00e335376d3
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2023-04-22 23:26:46 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-04-22 23:28:44 +0000

    www-client/chromium: add 112.0.5615.165

    Bug: https://bugs.gentoo.org/904455
    Bug: https://bugs.gentoo.org/904725
    Bug: https://bugs.gentoo.org/904560
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 www-client/chromium/Manifest | 1 +
 www-client/chromium/chromium-112.0.5615.165.ebuild | 1259 ++++++++++++++++++++
 .../chromium/files/chromium-112-swiftshader.patch | 74 ++
 3 files changed, 1334 insertions(+)
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab0da6660785c2f89a93ffda79f5ec7169378003

commit ab0da6660785c2f89a93ffda79f5ec7169378003
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-10 05:29:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-10 05:30:32 +0000

    www-client/chromium: drop 112.0.5615.165, 113.0.5672.63, 113.0.5672.92

    Bug: https://bugs.gentoo.org/906586
    Bug: https://bugs.gentoo.org/905620
    Bug: https://bugs.gentoo.org/904560
    Signed-off-by: Sam James <sam@gentoo.org>

 www-client/chromium/Manifest | 4 -
 www-client/chromium/chromium-112.0.5615.165.ebuild | 1261 -------------------
 www-client/chromium/chromium-113.0.5672.63.ebuild | 1265 --------------------
 www-client/chromium/chromium-113.0.5672.92.ebuild | 1265 --------------------
 .../chromium/files/chromium-112-compiler.patch | 256 ----
 .../files/chromium-112-gcc-mno-outline.patch | 29 -
 .../chromium/files/chromium-112-libstdc++-1.patch | 59 -
 .../chromium/files/chromium-112-libstdc++.patch | 63 -
 .../chromium/files/chromium-112-sql-relax.patch | 46 -
 .../chromium/files/chromium-112-swiftshader.patch | 122 --
 10 files changed, 4370 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=de793de405f9e13d0d29d94de3f236ce0b5b3338

commit de793de405f9e13d0d29d94de3f236ce0b5b3338
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-30 08:56:23 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-09-30 08:57:27 +0000

    [ GLSA 202309-17 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/893660
    Bug: https://bugs.gentoo.org/904252
    Bug: https://bugs.gentoo.org/904394
    Bug: https://bugs.gentoo.org/904560
    Bug: https://bugs.gentoo.org/905297
    Bug: https://bugs.gentoo.org/905620
    Bug: https://bugs.gentoo.org/905883
    Bug: https://bugs.gentoo.org/906586
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202309-17.xml | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 152 insertions(+)