GLSA 202208-25: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
Severity: | high |
Title: | Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities |
Date: | 08/14/2022 |
Bugs: |
|
ID: | 202208-25 |
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
www-client/microsoft-edge | < 101.0.1210.47 | >= 101.0.1210.47 | All supported architectures |
www-client/google-chrome | < 103.0.5060.53 | >= 103.0.5060.53 | All supported architectures |
www-client/chromium | < 103.0.5060.53 | >= 103.0.5060.53 | All supported architectures |
dev-qt/qtwebengine | < 5.15.5_p20220618 | >= 5.15.5_p20220618 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All Chromium binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"
All Google Chrome users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"
All Microsoft Edge users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All QtWebEngine users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.5_p20220618"
References
CVE-2022-33639 CVE-2022-33638 CVE-2022-30192 CVE-2022-30128 CVE-2022-30127 CVE-2022-29147 CVE-2022-29146 CVE-2022-29144 CVE-2022-26912 CVE-2022-26909 CVE-2022-26908 CVE-2022-26905 CVE-2022-26900 CVE-2022-26895 CVE-2022-26894 CVE-2022-26891 CVE-2022-24523 CVE-2022-24475 CVE-2022-22021 CVE-2022-2165 CVE-2022-2164 CVE-2022-2163 CVE-2022-2162 CVE-2022-2161 CVE-2022-2160 CVE-2022-2158 CVE-2022-2157 CVE-2022-2156 CVE-2022-2011 CVE-2022-2010 CVE-2022-2007 CVE-2022-1876 CVE-2022-1875 CVE-2022-1874 CVE-2022-1873 CVE-2022-1872 CVE-2022-1871 CVE-2022-1870 CVE-2022-1869 CVE-2022-1868 CVE-2022-1867 CVE-2022-1866 CVE-2022-1865 CVE-2022-1864 CVE-2022-1863 CVE-2022-1862 CVE-2022-1861 CVE-2022-1860 CVE-2022-1859 CVE-2022-1858 CVE-2022-1857 CVE-2022-1856 CVE-2022-1855 CVE-2022-1854 CVE-2022-1853 CVE-2022-1641 CVE-2022-1640 CVE-2022-1639 CVE-2022-1637 CVE-2022-1636 CVE-2022-1635 CVE-2022-1634 CVE-2022-1633 CVE-2022-1501 CVE-2022-1500 CVE-2022-1499 CVE-2022-1498 CVE-2022-1497 CVE-2022-1496 CVE-2022-1495 CVE-2022-1494 CVE-2022-1493 CVE-2022-1492 CVE-2022-1491 CVE-2022-1490 CVE-2022-1489 CVE-2022-1488 CVE-2022-1487 CVE-2022-1486 CVE-2022-1485 CVE-2022-1484 CVE-2022-1483 CVE-2022-1482 CVE-2022-1481 CVE-2022-1480 CVE-2022-1479 CVE-2022-1478 CVE-2022-1477 CVE-2022-1364 CVE-2022-1314 CVE-2022-1313 CVE-2022-1312 CVE-2022-1311 CVE-2022-1310 CVE-2022-1309 CVE-2022-1308 CVE-2022-1307 CVE-2022-1306 CVE-2022-1305 CVE-2022-1232 CVE-2022-1146 CVE-2022-1145 CVE-2022-1144 CVE-2022-1143 CVE-2022-1142 CVE-2022-1141 CVE-2022-1139 CVE-2022-1138 CVE-2022-1137 CVE-2022-1136 CVE-2022-1135 CVE-2022-1134 CVE-2022-1133 CVE-2022-1132 CVE-2022-1131 CVE-2022-1130 CVE-2022-1129 CVE-2022-1128 CVE-2022-1127 CVE-2022-1125 CVE-2022-1096 CVE-2022-0980 CVE-2022-0979 CVE-2022-0978 CVE-2022-0977 CVE-2022-0976 CVE-2022-0975 CVE-2022-0974 CVE-2022-0973 CVE-2022-0972 CVE-2022-0971 CVE-2022-0809 CVE-2022-0808 CVE-2022-0807 CVE-2022-0806 CVE-2022-0805 CVE-2022-0804 CVE-2022-0803 CVE-2022-0802 CVE-2022-0801 CVE-2022-0800 CVE-2022-0799 CVE-2022-0798 CVE-2022-0797 CVE-2022-0796 CVE-2022-0795 CVE-2022-0794 CVE-2022-0793 CVE-2022-0792 CVE-2022-0791 CVE-2022-0790 CVE-2022-0789 CVE-2021-30551 CVE-2021-4079 CVE-2021-4078 CVE-2021-4068 CVE-2021-4067 CVE-2021-4066 CVE-2021-4065 CVE-2021-4064 CVE-2021-4063 CVE-2021-4062 CVE-2021-4061 CVE-2021-4059 CVE-2021-4058 CVE-2021-4057 CVE-2021-4056 CVE-2021-4055 CVE-2021-4054 CVE-2021-4053 CVE-2021-4052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.