Home / mailingsPDF  

[gentoo-announce] [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities

Posted on 14 August 2022
Gentoo-announce

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372
ID: 202208-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========
Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background
==========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-qt/qtwebengine < 5.15.5_p20220618>= 5.15.5_p20220618
2 www-client/chromium < 103.0.5060.53 >= 103.0.5060.53
3 www-client/google-chrome < 103.0.5060.53 >= 103.0.5060.53
4 www-client/microsoft-edge < 101.0.1210.47 >= 101.0.1210.47

Description
===========
Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======
Please review the referenced CVE identifiers for details.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"

All Chromium binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"

All Microsoft Edge users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"

All QtWebEngine users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.5_p20220618"

References
==========
[ 1 ] CVE-2021-4052
https://nvd.nist.gov/vuln/detail/CVE-2021-4052
[ 2 ] CVE-2021-4053
https://nvd.nist.gov/vuln/detail/CVE-2021-4053
[ 3 ] CVE-2021-4054
https://nvd.nist.gov/vuln/detail/CVE-2021-4054
[ 4 ] CVE-2021-4055
https://nvd.nist.gov/vuln/detail/CVE-2021-4055
[ 5 ] CVE-2021-4056
https://nvd.nist.gov/vuln/detail/CVE-2021-4056
[ 6 ] CVE-2021-4057
https://nvd.nist.gov/vuln/detail/CVE-2021-4057
[ 7 ] CVE-2021-4058
https://nvd.nist.gov/vuln/detail/CVE-2021-4058
[ 8 ] CVE-2021-4059
https://nvd.nist.gov/vuln/detail/CVE-2021-4059
[ 9 ] CVE-2021-4061
https://nvd.nist.gov/vuln/detail/CVE-2021-4061
[ 10 ] CVE-2021-4062
https://nvd.nist.gov/vuln/detail/CVE-2021-4062
[ 11 ] CVE-2021-4063
https://nvd.nist.gov/vuln/detail/CVE-2021-4063
[ 12 ] CVE-2021-4064
https://nvd.nist.gov/vuln/detail/CVE-2021-4064
[ 13 ] CVE-2021-4065
https://nvd.nist.gov/vuln/detail/CVE-2021-4065
[ 14 ] CVE-2021-4066
https://nvd.nist.gov/vuln/detail/CVE-2021-4066
[ 15 ] CVE-2021-4067
https://nvd.nist.gov/vuln/detail/CVE-2021-4067
[ 16 ] CVE-2021-4068
https://nvd.nist.gov/vuln/detail/CVE-2021-4068
[ 17 ] CVE-2021-4078
https://nvd.nist.gov/vuln/detail/CVE-2021-4078
[ 18 ] CVE-2021-4079
https://nvd.nist.gov/vuln/detail/CVE-2021-4079
[ 19 ] CVE-2021-30551
https://nvd.nist.gov/vuln/detail/CVE-2021-30551
[ 20 ] CVE-2022-0789
https://nvd.nist.gov/vuln/detail/CVE-2022-0789
[ 21 ] CVE-2022-0790
https://nvd.nist.gov/vuln/detail/CVE-2022-0790
[ 22 ] CVE-2022-0791
https://nvd.nist.gov/vuln/detail/CVE-2022-0791
[ 23 ] CVE-2022-0792
https://nvd.nist.gov/vuln/detail/CVE-2022-0792
[ 24 ] CVE-2022-0793
https://nvd.nist.gov/vuln/detail/CVE-2022-0793
[ 25 ] CVE-2022-0794
https://nvd.nist.gov/vuln/detail/CVE-2022-0794
[ 26 ] CVE-2022-0795
https://nvd.nist.gov/vuln/detail/CVE-2022-0795
[ 27 ] CVE-2022-0796
https://nvd.nist.gov/vuln/detail/CVE-2022-0796
[ 28 ] CVE-2022-0797
https://nvd.nist.gov/vuln/detail/CVE-2022-0797
[ 29 ] CVE-2022-0798
https://nvd.nist.gov/vuln/detail/CVE-2022-0798
[ 30 ] CVE-2022-0799
https://nvd.nist.gov/vuln/detail/CVE-2022-0799
[ 31 ] CVE-2022-0800
https://nvd.nist.gov/vuln/detail/CVE-2022-0800
[ 32 ] CVE-2022-0801
https://nvd.nist.gov/vuln/detail/CVE-2022-0801
[ 33 ] CVE-2022-0802
https://nvd.nist.gov/vuln/detail/CVE-2022-0802
[ 34 ] CVE-2022-0803
https://nvd.nist.gov/vuln/detail/CVE-2022-0803
[ 35 ] CVE-2022-0804
https://nvd.nist.gov/vuln/detail/CVE-2022-0804
[ 36 ] CVE-2022-0805
https://nvd.nist.gov/vuln/detail/CVE-2022-0805
[ 37 ] CVE-2022-0806
https://nvd.nist.gov/vuln/detail/CVE-2022-0806
[ 38 ] CVE-2022-0807
https://nvd.nist.gov/vuln/detail/CVE-2022-0807
[ 39 ] CVE-2022-0808
https://nvd.nist.gov/vuln/detail/CVE-2022-0808
[ 40 ] CVE-2022-0809
https://nvd.nist.gov/vuln/detail/CVE-2022-0809
[ 41 ] CVE-2022-0971
https://nvd.nist.gov/vuln/detail/CVE-2022-0971
[ 42 ] CVE-2022-0972
https://nvd.nist.gov/vuln/detail/CVE-2022-0972
[ 43 ] CVE-2022-0973
https://nvd.nist.gov/vuln/detail/CVE-2022-0973
[ 44 ] CVE-2022-0974
https://nvd.nist.gov/vuln/detail/CVE-2022-0974
[ 45 ] CVE-2022-0975
https://nvd.nist.gov/vuln/detail/CVE-2022-0975
[ 46 ] CVE-2022-0976
https://nvd.nist.gov/vuln/detail/CVE-2022-0976
[ 47 ] CVE-2022-0977
https://nvd.nist.gov/vuln/detail/CVE-2022-0977
[ 48 ] CVE-2022-0978
https://nvd.nist.gov/vuln/detail/CVE-2022-0978
[ 49 ] CVE-2022-0979
https://nvd.nist.gov/vuln/detail/CVE-2022-0979
[ 50 ] CVE-2022-0980
https://nvd.nist.gov/vuln/detail/CVE-2022-0980
[ 51 ] CVE-2022-1096
https://nvd.nist.gov/vuln/detail/CVE-2022-1096
[ 52 ] CVE-2022-1125
https://nvd.nist.gov/vuln/detail/CVE-2022-1125
[ 53 ] CVE-2022-1127
https://nvd.nist.gov/vuln/detail/CVE-2022-1127
[ 54 ] CVE-2022-1128
https://nvd.nist.gov/vuln/detail/CVE-2022-1128
[ 55 ] CVE-2022-1129
https://nvd.nist.gov/vuln/detail/CVE-2022-1129
[ 56 ] CVE-2022-1130
https://nvd.nist.gov/vuln/detail/CVE-2022-1130
[ 57 ] CVE-2022-1131
https://nvd.nist.gov/vuln/detail/CVE-2022-1131
[ 58 ] CVE-2022-1132
https://nvd.nist.gov/vuln/detail/CVE-2022-1132
[ 59 ] CVE-2022-1133
https://nvd.nist.gov/vuln/detail/CVE-2022-1133
[ 60 ] CVE-2022-1134
https://nvd.nist.gov/vuln/detail/CVE-2022-1134
[ 61 ] CVE-2022-1135
https://nvd.nist.gov/vuln/detail/CVE-2022-1135
[ 62 ] CVE-2022-1136
https://nvd.nist.gov/vuln/detail/CVE-2022-1136
[ 63 ] CVE-2022-1137
https://nvd.nist.gov/vuln/detail/CVE-2022-1137
[ 64 ] CVE-2022-1138
https://nvd.nist.gov/vuln/detail/CVE-2022-1138
[ 65 ] CVE-2022-1139
https://nvd.nist.gov/vuln/detail/CVE-2022-1139
[ 66 ] CVE-2022-1141
https://nvd.nist.gov/vuln/detail/CVE-2022-1141
[ 67 ] CVE-2022-1142
https://nvd.nist.gov/vuln/detail/CVE-2022-1142
[ 68 ] CVE-2022-1143
https://nvd.nist.gov/vuln/detail/CVE-2022-1143
[ 69 ] CVE-2022-1144
https://nvd.nist.gov/vuln/detail/CVE-2022-1144
[ 70 ] CVE-2022-1145
https://nvd.nist.gov/vuln/detail/CVE-2022-1145
[ 71 ] CVE-2022-1146
https://nvd.nist.gov/vuln/detail/CVE-2022-1146
[ 72 ] CVE-2022-1232
https://nvd.nist.gov/vuln/detail/CVE-2022-1232
[ 73 ] CVE-2022-1305
https://nvd.nist.gov/vuln/detail/CVE-2022-1305
[ 74 ] CVE-2022-1306
https://nvd.nist.gov/vuln/detail/CVE-2022-1306
[ 75 ] CVE-2022-1307
https://nvd.nist.gov/vuln/detail/CVE-2022-1307
[ 76 ] CVE-2022-1308
https://nvd.nist.gov/vuln/detail/CVE-2022-1308
[ 77 ] CVE-2022-1309
https://nvd.nist.gov/vuln/detail/CVE-2022-1309
[ 78 ] CVE-2022-1310
https://nvd.nist.gov/vuln/detail/CVE-2022-1310
[ 79 ] CVE-2022-1311
https://nvd.nist.gov/vuln/detail/CVE-2022-1311
[ 80 ] CVE-2022-1312
https://nvd.nist.gov/vuln/detail/CVE-2022-1312
[ 81 ] CVE-2022-1313
https://nvd.nist.gov/vuln/detail/CVE-2022-1313
[ 82 ] CVE-2022-1314
https://nvd.nist.gov/vuln/detail/CVE-2022-1314
[ 83 ] CVE-2022-1364
https://nvd.nist.gov/vuln/detail/CVE-2022-1364
[ 84 ] CVE-2022-1477
https://nvd.nist.gov/vuln/detail/CVE-2022-1477
[ 85 ] CVE-2022-1478
https://nvd.nist.gov/vuln/detail/CVE-2022-1478
[ 86 ] CVE-2022-1479
https://nvd.nist.gov/vuln/detail/CVE-2022-1479
[ 87 ] CVE-2022-1480
https://nvd.nist.gov/vuln/detail/CVE-2022-1480
[ 88 ] CVE-2022-1481
https://nvd.nist.gov/vuln/detail/CVE-2022-1481
[ 89 ] CVE-2022-1482
https://nvd.nist.gov/vuln/detail/CVE-2022-1482
[ 90 ] CVE-2022-1483
https://nvd.nist.gov/vuln/detail/CVE-2022-1483
[ 91 ] CVE-2022-1484
https://nvd.nist.gov/vuln/detail/CVE-2022-1484
[ 92 ] CVE-2022-1485
https://nvd.nist.gov/vuln/detail/CVE-2022-1485
[ 93 ] CVE-2022-1486
https://nvd.nist.gov/vuln/detail/CVE-2022-1486
[ 94 ] CVE-2022-1487
https://nvd.nist.gov/vuln/detail/CVE-2022-1487
[ 95 ] CVE-2022-1488
https://nvd.nist.gov/vuln/detail/CVE-2022-1488
[ 96 ] CVE-2022-1489
https://nvd.nist.gov/vuln/detail/CVE-2022-1489
[ 97 ] CVE-2022-1490
https://nvd.nist.gov/vuln/detail/CVE-2022-1490
[ 98 ] CVE-2022-1491
https://nvd.nist.gov/vuln/detail/CVE-2022-1491
[ 99 ] CVE-2022-1492
https://nvd.nist.gov/vuln/detail/CVE-2022-1492
[ 100 ] CVE-2022-1493
https://nvd.nist.gov/vuln/detail/CVE-2022-1493
[ 101 ] CVE-2022-1494
https://nvd.nist.gov/vuln/detail/CVE-2022-1494
[ 102 ] CVE-2022-1495
https://nvd.nist.gov/vuln/detail/CVE-2022-1495
[ 103 ] CVE-2022-1496
https://nvd.nist.gov/vuln/detail/CVE-2022-1496
[ 104 ] CVE-2022-1497
https://nvd.nist.gov/vuln/detail/CVE-2022-1497
[ 105 ] CVE-2022-1498
https://nvd.nist.gov/vuln/detail/CVE-2022-1498
[ 106 ] CVE-2022-1499
https://nvd.nist.gov/vuln/detail/CVE-2022-1499
[ 107 ] CVE-2022-1500
https://nvd.nist.gov/vuln/detail/CVE-2022-1500
[ 108 ] CVE-2022-1501
https://nvd.nist.gov/vuln/detail/CVE-2022-1501
[ 109 ] CVE-2022-1633
https://nvd.nist.gov/vuln/detail/CVE-2022-1633
[ 110 ] CVE-2022-1634
https://nvd.nist.gov/vuln/detail/CVE-2022-1634
[ 111 ] CVE-2022-1635
https://nvd.nist.gov/vuln/detail/CVE-2022-1635
[ 112 ] CVE-2022-1636
https://nvd.nist.gov/vuln/detail/CVE-2022-1636
[ 113 ] CVE-2022-1637
https://nvd.nist.gov/vuln/detail/CVE-2022-1637
[ 114 ] CVE-2022-1639
https://nvd.nist.gov/vuln/detail/CVE-2022-1639
[ 115 ] CVE-2022-1640
https://nvd.nist.gov/vuln/detail/CVE-2022-1640
[ 116 ] CVE-2022-1641
https://nvd.nist.gov/vuln/detail/CVE-2022-1641
[ 117 ] CVE-2022-1853
https://nvd.nist.gov/vuln/detail/CVE-2022-1853
[ 118 ] CVE-2022-1854
https://nvd.nist.gov/vuln/detail/CVE-2022-1854
[ 119 ] CVE-2022-1855
https://nvd.nist.gov/vuln/detail/CVE-2022-1855
[ 120 ] CVE-2022-1856
https://nvd.nist.gov/vuln/detail/CVE-2022-1856
[ 121 ] CVE-2022-1857
https://nvd.nist.gov/vuln/detail/CVE-2022-1857
[ 122 ] CVE-2022-1858
https://nvd.nist.gov/vuln/detail/CVE-2022-1858
[ 123 ] CVE-2022-1859
https://nvd.nist.gov/vuln/detail/CVE-2022-1859
[ 124 ] CVE-2022-1860
https://nvd.nist.gov/vuln/detail/CVE-2022-1860
[ 125 ] CVE-2022-1861
https://nvd.nist.gov/vuln/detail/CVE-2022-1861
[ 126 ] CVE-2022-1862
https://nvd.nist.gov/vuln/detail/CVE-2022-1862
[ 127 ] CVE-2022-1863
https://nvd.nist.gov/vuln/detail/CVE-2022-1863
[ 128 ] CVE-2022-1864
https://nvd.nist.gov/vuln/detail/CVE-2022-1864
[ 129 ] CVE-2022-1865
https://nvd.nist.gov/vuln/detail/CVE-2022-1865
[ 130 ] CVE-2022-1866
https://nvd.nist.gov/vuln/detail/CVE-2022-1866
[ 131 ] CVE-2022-1867
https://nvd.nist.gov/vuln/detail/CVE-2022-1867
[ 132 ] CVE-2022-1868
https://nvd.nist.gov/vuln/detail/CVE-2022-1868
[ 133 ] CVE-2022-1869
https://nvd.nist.gov/vuln/detail/CVE-2022-1869
[ 134 ] CVE-2022-1870
https://nvd.nist.gov/vuln/detail/CVE-2022-1870
[ 135 ] CVE-2022-1871
https://nvd.nist.gov/vuln/detail/CVE-2022-1871
[ 136 ] CVE-2022-1872
https://nvd.nist.gov/vuln/detail/CVE-2022-1872
[ 137 ] CVE-2022-1873
https://nvd.nist.gov/vuln/detail/CVE-2022-1873
[ 138 ] CVE-2022-1874
https://nvd.nist.gov/vuln/detail/CVE-2022-1874
[ 139 ] CVE-2022-1875
https://nvd.nist.gov/vuln/detail/CVE-2022-1875
[ 140 ] CVE-2022-1876
https://nvd.nist.gov/vuln/detail/CVE-2022-1876
[ 141 ] CVE-2022-2007
https://nvd.nist.gov/vuln/detail/CVE-2022-2007
[ 142 ] CVE-2022-2010
https://nvd.nist.gov/vuln/detail/CVE-2022-2010
[ 143 ] CVE-2022-2011
https://nvd.nist.gov/vuln/detail/CVE-2022-2011
[ 144 ] CVE-2022-2156
https://nvd.nist.gov/vuln/detail/CVE-2022-2156
[ 145 ] CVE-2022-2157
https://nvd.nist.gov/vuln/detail/CVE-2022-2157
[ 146 ] CVE-2022-2158
https://nvd.nist.gov/vuln/detail/CVE-2022-2158
[ 147 ] CVE-2022-2160
https://nvd.nist.gov/vuln/detail/CVE-2022-2160
[ 148 ] CVE-2022-2161
https://nvd.nist.gov/vuln/detail/CVE-2022-2161
[ 149 ] CVE-2022-2162
https://nvd.nist.gov/vuln/detail/CVE-2022-2162
[ 150 ] CVE-2022-2163
https://nvd.nist.gov/vuln/detail/CVE-2022-2163
[ 151 ] CVE-2022-2164
https://nvd.nist.gov/vuln/detail/CVE-2022-2164
[ 152 ] CVE-2022-2165
https://nvd.nist.gov/vuln/detail/CVE-2022-2165
[ 153 ] CVE-2022-22021
https://nvd.nist.gov/vuln/detail/CVE-2022-22021
[ 154 ] CVE-2022-24475
https://nvd.nist.gov/vuln/detail/CVE-2022-24475
[ 155 ] CVE-2022-24523
https://nvd.nist.gov/vuln/detail/CVE-2022-24523
[ 156 ] CVE-2022-26891
https://nvd.nist.gov/vuln/detail/CVE-2022-26891
[ 157 ] CVE-2022-26894
https://nvd.nist.gov/vuln/detail/CVE-2022-26894
[ 158 ] CVE-2022-26895
https://nvd.nist.gov/vuln/detail/CVE-2022-26895
[ 159 ] CVE-2022-26900
https://nvd.nist.gov/vuln/detail/CVE-2022-26900
[ 160 ] CVE-2022-26905
https://nvd.nist.gov/vuln/detail/CVE-2022-26905
[ 161 ] CVE-2022-26908
https://nvd.nist.gov/vuln/detail/CVE-2022-26908
[ 162 ] CVE-2022-26909
https://nvd.nist.gov/vuln/detail/CVE-2022-26909
[ 163 ] CVE-2022-26912
https://nvd.nist.gov/vuln/detail/CVE-2022-26912
[ 164 ] CVE-2022-29144
https://nvd.nist.gov/vuln/detail/CVE-2022-29144
[ 165 ] CVE-2022-29146
https://nvd.nist.gov/vuln/detail/CVE-2022-29146
[ 166 ] CVE-2022-29147
https://nvd.nist.gov/vuln/detail/CVE-2022-29147
[ 167 ] CVE-2022-30127
https://nvd.nist.gov/vuln/detail/CVE-2022-30127
[ 168 ] CVE-2022-30128
https://nvd.nist.gov/vuln/detail/CVE-2022-30128
[ 169 ] CVE-2022-30192
https://nvd.nist.gov/vuln/detail/CVE-2022-30192
[ 170 ] CVE-2022-33638
https://nvd.nist.gov/vuln/detail/CVE-2022-33638
[ 171 ] CVE-2022-33639
https://nvd.nist.gov/vuln/detail/CVE-2022-33639

Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-25

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
--===============4655524139218920143==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

 

TOP