Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202208-35 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: Sun, 21 Aug 2022 06:13:25
Message-Id: 166106235848.12.11430112748457443005@7b72ab9f548d
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202208-35
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
9 Date: August 21, 2022
10 Bugs: #858104, #859442, #863512, #865501, #864723
11 ID: 202208-35
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and its
19 derivatives, the worst of which could result in remote code execution.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Microsoft Edge is a browser that combines a minimal design with
31 sophisticated technology to make the web faster, safer, and easier.
32
33 Affected packages
34 =================
35
36 -------------------------------------------------------------------
37 Package / Vulnerable / Unaffected
38 -------------------------------------------------------------------
39 1 www-client/chromium < 104.0.5112.101 >= 104.0.5112.101
40 2 www-client/chromium-bin < 104.0.5112.101 >= 104.0.5112.101
41 3 www-client/google-chrome < 104.0.5112.101 >= 104.0.5112.101
42 4 www-client/microsoft-edge < 104.0.1293.63 >= 104.0.1293.63
43
44 Description
45 ===========
46
47 Multiple vulnerabilities have been discovered in Chromium and its
48 derivatives. Please review the CVE identifiers referenced below for
49 details.
50
51 Impact
52 ======
53
54 Please review the referenced CVE identifiers for details.
55
56 Workaround
57 ==========
58
59 There is no known workaround at this time.
60
61 Resolution
62 ==========
63
64 All Chromium users should upgrade to the latest version:
65
66 # emerge --sync
67 # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
68
69 All Chromium binary users should upgrade to the latest version:
70
71 # emerge --sync
72 # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
73
74 All Google Chrome users should upgrade to tha latest version:
75
76 # emerge --sync
77 # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
78
79 All Microsoft Edge users should upgrade to tha latest version:
80
81 # emerge --sync
82 # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
83
84 References
85 ==========
86
87 [ 1 ] CVE-2022-2163
88 https://nvd.nist.gov/vuln/detail/CVE-2022-2163
89 [ 2 ] CVE-2022-2294
90 https://nvd.nist.gov/vuln/detail/CVE-2022-2294
91 [ 3 ] CVE-2022-2295
92 https://nvd.nist.gov/vuln/detail/CVE-2022-2295
93 [ 4 ] CVE-2022-2296
94 https://nvd.nist.gov/vuln/detail/CVE-2022-2296
95 [ 5 ] CVE-2022-2477
96 https://nvd.nist.gov/vuln/detail/CVE-2022-2477
97 [ 6 ] CVE-2022-2478
98 https://nvd.nist.gov/vuln/detail/CVE-2022-2478
99 [ 7 ] CVE-2022-2479
100 https://nvd.nist.gov/vuln/detail/CVE-2022-2479
101 [ 8 ] CVE-2022-2480
102 https://nvd.nist.gov/vuln/detail/CVE-2022-2480
103 [ 9 ] CVE-2022-2481
104 https://nvd.nist.gov/vuln/detail/CVE-2022-2481
105 [ 10 ] CVE-2022-2603
106 https://nvd.nist.gov/vuln/detail/CVE-2022-2603
107 [ 11 ] CVE-2022-2604
108 https://nvd.nist.gov/vuln/detail/CVE-2022-2604
109 [ 12 ] CVE-2022-2605
110 https://nvd.nist.gov/vuln/detail/CVE-2022-2605
111 [ 13 ] CVE-2022-2606
112 https://nvd.nist.gov/vuln/detail/CVE-2022-2606
113 [ 14 ] CVE-2022-2607
114 https://nvd.nist.gov/vuln/detail/CVE-2022-2607
115 [ 15 ] CVE-2022-2608
116 https://nvd.nist.gov/vuln/detail/CVE-2022-2608
117 [ 16 ] CVE-2022-2609
118 https://nvd.nist.gov/vuln/detail/CVE-2022-2609
119 [ 17 ] CVE-2022-2610
120 https://nvd.nist.gov/vuln/detail/CVE-2022-2610
121 [ 18 ] CVE-2022-2611
122 https://nvd.nist.gov/vuln/detail/CVE-2022-2611
123 [ 19 ] CVE-2022-2612
124 https://nvd.nist.gov/vuln/detail/CVE-2022-2612
125 [ 20 ] CVE-2022-2613
126 https://nvd.nist.gov/vuln/detail/CVE-2022-2613
127 [ 21 ] CVE-2022-2614
128 https://nvd.nist.gov/vuln/detail/CVE-2022-2614
129 [ 22 ] CVE-2022-2615
130 https://nvd.nist.gov/vuln/detail/CVE-2022-2615
131 [ 23 ] CVE-2022-2616
132 https://nvd.nist.gov/vuln/detail/CVE-2022-2616
133 [ 24 ] CVE-2022-2617
134 https://nvd.nist.gov/vuln/detail/CVE-2022-2617
135 [ 25 ] CVE-2022-2618
136 https://nvd.nist.gov/vuln/detail/CVE-2022-2618
137 [ 26 ] CVE-2022-2619
138 https://nvd.nist.gov/vuln/detail/CVE-2022-2619
139 [ 27 ] CVE-2022-2620
140 https://nvd.nist.gov/vuln/detail/CVE-2022-2620
141 [ 28 ] CVE-2022-2621
142 https://nvd.nist.gov/vuln/detail/CVE-2022-2621
143 [ 29 ] CVE-2022-2622
144 https://nvd.nist.gov/vuln/detail/CVE-2022-2622
145 [ 30 ] CVE-2022-2623
146 https://nvd.nist.gov/vuln/detail/CVE-2022-2623
147 [ 31 ] CVE-2022-2624
148 https://nvd.nist.gov/vuln/detail/CVE-2022-2624
149 [ 32 ] CVE-2022-2852
150 https://nvd.nist.gov/vuln/detail/CVE-2022-2852
151 [ 33 ] CVE-2022-2853
152 https://nvd.nist.gov/vuln/detail/CVE-2022-2853
153 [ 34 ] CVE-2022-2854
154 https://nvd.nist.gov/vuln/detail/CVE-2022-2854
155 [ 35 ] CVE-2022-2855
156 https://nvd.nist.gov/vuln/detail/CVE-2022-2855
157 [ 36 ] CVE-2022-2856
158 https://nvd.nist.gov/vuln/detail/CVE-2022-2856
159 [ 37 ] CVE-2022-2857
160 https://nvd.nist.gov/vuln/detail/CVE-2022-2857
161 [ 38 ] CVE-2022-2858
162 https://nvd.nist.gov/vuln/detail/CVE-2022-2858
163 [ 39 ] CVE-2022-2859
164 https://nvd.nist.gov/vuln/detail/CVE-2022-2859
165 [ 40 ] CVE-2022-2860
166 https://nvd.nist.gov/vuln/detail/CVE-2022-2860
167 [ 41 ] CVE-2022-2861
168 https://nvd.nist.gov/vuln/detail/CVE-2022-2861
169 [ 42 ] CVE-2022-33636
170 https://nvd.nist.gov/vuln/detail/CVE-2022-33636
171 [ 43 ] CVE-2022-33649
172 https://nvd.nist.gov/vuln/detail/CVE-2022-33649
173 [ 44 ] CVE-2022-35796
174 https://nvd.nist.gov/vuln/detail/CVE-2022-35796
175
176 Availability
177 ============
178
179 This GLSA and any updates to it are available for viewing at
180 the Gentoo Security Website:
181
182 https://security.gentoo.org/glsa/202208-35
183
184 Concerns?
185 =========
186
187 Security is a primary focus of Gentoo Linux and ensuring the
188 confidentiality and security of our users' machines is of utmost
189 importance to us. Any security concerns should be addressed to
190 security@g.o or alternatively, you may file a bug at
191 https://bugs.gentoo.org.
192
193 License
194 =======
195
196 Copyright 2022 Gentoo Foundation, Inc; referenced text
197 belongs to its owner(s).
198
199 The contents of this document are licensed under the
200 Creative Commons - Attribution / Share Alike license.
201
202 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups