From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-announce+bounces-3000-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id E191E158094
	for <garchives@archives.gentoo.org>; Thu, 29 Sep 2022 14:40:01 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 528AFE0A88;
	Thu, 29 Sep 2022 14:34:18 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 943E8E0956
	for <gentoo-announce@lists.gentoo.org>; Thu, 29 Sep 2022 14:24:30 +0000 (UTC)
Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.165])
	by smtp.gentoo.org (Postfix) with ESMTP id C514A3412D8
	for <gentoo-announce@lists.gentoo.org>; Thu, 29 Sep 2022 14:24:29 +0000 (UTC)
Received: from [172.18.0.3] (unknown [172.18.0.3])
	by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id BA6DD8D129
	for <gentoo-announce@lists.gentoo.org>; Thu, 29 Sep 2022 14:24:29 +0000 (-00)
Subject: [gentoo-announce] [ GLSA 202209-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple
 Vulnerabilities
Precedence: bulk
List-Post: <mailto:gentoo-announce@lists.gentoo.org>
List-Help: <mailto:gentoo-announce+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-announce+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-announce+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-announce.gentoo.org>
X-BeenThere: gentoo-announce@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha512"; boundary="===============5376021121735108890=="
From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Reply-To: security@gentoo.org
Date: Thu, 29 Sep 2022 14:24:29 -0000
Message-ID: <166446146976.9.1888922439231574343@90bb6a0775af>
X-Archives-Salt: 99e0ad4b-39f5-4467-98bb-5e6f177b1a66
X-Archives-Hash: 5185453cfdc05b49b6843dc2d7951065

--===============5376021121735108890==
Content-Type: text/plain; charset="utf-8"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202209-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
     Date: September 29, 2022
     Bugs: #868156, #868354, #872407, #870142
       ID: 202209-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium        < 105.0.5195.125    >= 105.0.5195.125
  2  www-client/chromium-bin    < 105.0.5195.125    >= 105.0.5195.125
  3  www-client/google-chrome   < 105.0.5195.125    >= 105.0.5195.125
  4  www-client/microsoft-edge  < 105.0.1343.42      >= 105.0.1343.42

Description
===========

Multiple vulnerabilities have been discovered in Chromium, Google
Chrome, Microsoft Edge. Please review the CVE identifiers referenced
below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-105.0.5195.125"

All Chromium binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-105.0.5195.125"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-105.0.5195.125"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-105.0.1343.42"

References
==========

[ 1 ] CVE-2022-3038
      https://nvd.nist.gov/vuln/detail/CVE-2022-3038
[ 2 ] CVE-2022-3039
      https://nvd.nist.gov/vuln/detail/CVE-2022-3039
[ 3 ] CVE-2022-3040
      https://nvd.nist.gov/vuln/detail/CVE-2022-3040
[ 4 ] CVE-2022-3041
      https://nvd.nist.gov/vuln/detail/CVE-2022-3041
[ 5 ] CVE-2022-3042
      https://nvd.nist.gov/vuln/detail/CVE-2022-3042
[ 6 ] CVE-2022-3043
      https://nvd.nist.gov/vuln/detail/CVE-2022-3043
[ 7 ] CVE-2022-3044
      https://nvd.nist.gov/vuln/detail/CVE-2022-3044
[ 8 ] CVE-2022-3045
      https://nvd.nist.gov/vuln/detail/CVE-2022-3045
[ 9 ] CVE-2022-3046
      https://nvd.nist.gov/vuln/detail/CVE-2022-3046
[ 10 ] CVE-2022-3047
      https://nvd.nist.gov/vuln/detail/CVE-2022-3047
[ 11 ] CVE-2022-3048
      https://nvd.nist.gov/vuln/detail/CVE-2022-3048
[ 12 ] CVE-2022-3049
      https://nvd.nist.gov/vuln/detail/CVE-2022-3049
[ 13 ] CVE-2022-3050
      https://nvd.nist.gov/vuln/detail/CVE-2022-3050
[ 14 ] CVE-2022-3051
      https://nvd.nist.gov/vuln/detail/CVE-2022-3051
[ 15 ] CVE-2022-3052
      https://nvd.nist.gov/vuln/detail/CVE-2022-3052
[ 16 ] CVE-2022-3053
      https://nvd.nist.gov/vuln/detail/CVE-2022-3053
[ 17 ] CVE-2022-3054
      https://nvd.nist.gov/vuln/detail/CVE-2022-3054
[ 18 ] CVE-2022-3055
      https://nvd.nist.gov/vuln/detail/CVE-2022-3055
[ 19 ] CVE-2022-3056
      https://nvd.nist.gov/vuln/detail/CVE-2022-3056
[ 20 ] CVE-2022-3057
      https://nvd.nist.gov/vuln/detail/CVE-2022-3057
[ 21 ] CVE-2022-3058
      https://nvd.nist.gov/vuln/detail/CVE-2022-3058
[ 22 ] CVE-2022-3071
      https://nvd.nist.gov/vuln/detail/CVE-2022-3071
[ 23 ] CVE-2022-3075
      https://nvd.nist.gov/vuln/detail/CVE-2022-3075
[ 24 ] CVE-2022-3195
      https://nvd.nist.gov/vuln/detail/CVE-2022-3195
[ 25 ] CVE-2022-3196
      https://nvd.nist.gov/vuln/detail/CVE-2022-3196
[ 26 ] CVE-2022-3197
      https://nvd.nist.gov/vuln/detail/CVE-2022-3197
[ 27 ] CVE-2022-3198
      https://nvd.nist.gov/vuln/detail/CVE-2022-3198
[ 28 ] CVE-2022-3199
      https://nvd.nist.gov/vuln/detail/CVE-2022-3199
[ 29 ] CVE-2022-3200
      https://nvd.nist.gov/vuln/detail/CVE-2022-3200
[ 30 ] CVE-2022-3201
      https://nvd.nist.gov/vuln/detail/CVE-2022-3201
[ 31 ] CVE-2022-38012
      https://nvd.nist.gov/vuln/detail/CVE-2022-38012

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-23

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
--===============5376021121735108890==
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmM1qp0ACgkQFMQkOaVy
+9ls4A//QLKdSUuVySPS4wK85F+vrWIqr3Dxa9wVIyb0ymwB4CYqwVETeuXmHgTe
KK643CDrpgtcZIwaEgTfW2dWqK0oKV+qZLicpMGaolildRIcjXdZoKJoEva+t85e
13ZbmAXoUZqqT3IACisf1bhDwyuPA0dD8J4Qfp8ggjXJg5x+4yJlaUr5zgVrnknC
MU8sHruYfhayTkl/FPvp+jcnBLJCY8xXB9gq3L1sv6lHPaW+igaYFS6BD3QLgT+w
+vaZRM8VFWc9wt3VsTbKiAYTAsiQvzVy8z0kKt0G6oGtXAjxqq3DxnMWe3rtqks/
m6V/RezC/XLk41sGj8GD6J5YUoH2KT2qADCXoAAB0Ih1GA1nqK1F7I0qJhQm0YEw
AqfWflnWwAQ523WVG4B7Sg07agtXn2nscS9O8qYepopbuWHR2SMb+P8dSEaRTeGe
yLCPYJotVsArRQYOSgmX9cggovtQElK7vxE1gZ7Tiq4FcObcojoUGalIbyxriIqp
bUaWatnHsqBdjHf9GKeqbCrCdiZwMwbG1qq2M6VxPn95W73iieCVDIqK2fbwhPVe
vErJxaRr19gbdkwW1/c9kosj+chrSscdIT5uVNHejBj4s97bVbkpF8EbqMZbvieD
KQJQzu6KY/bwqgPpClUrAvDDFPKk6DenWnADFS3qXXiJD3cQT4s=
=mVZq
-----END PGP SIGNATURE-----

--===============5376021121735108890==--