Page MenuHomeSolus

Chrome 99.0.4844.84 fixes high risk vulnerability CVE-2022-1096
Closed, ResolvedPublic

Description

Hello

New Chrome update 99.0.4844.84 fixes high risk vulnerability [$TBD][1309225] High CVE-2022-1096: Type Confusion in V8. More detailed info:

https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

https://borncity.com/win/2022/03/25/chrome-99-0-4844-84-fixt-1-sicherheitslcke/

The vulnerability is so bad that Chromium isn't even disclosing the details until the upgrade deployment reaches critical mass. This vulnerability also affects other Chromium-based browsers, like Brave, Vivaldi, and Opera. Please update these browsers as soon as possible.

Thank you in advance, kind regards

Event Timeline

joluveba created this task.Mar 29 2022, 8:14 PM

So the third-party repository has already been updated a few days ago.
Brave is also done with https://dev.getsol.us/R4107:a70ac7d4c362176a4563fc5f5aa7d2aa362be9c4
I see opera has an update available, and I'm not sure about Vivaldi because they seem to want to hide their changelog from me (okay, they're referencing some Chromium build (not version) in their changelog that I didn't investigate further) but I assume the newest version has the fix.

Thank you Staudey

I wonder if it would be possible to update the browsers on Shannon before next sync (which I suppose, will take place on April 03rd). For the moment, I am avoiding using Brave, just in case.

Kind regards

The sync expected for 04/01 was deferred to next Friday, as posted on the Solus forum

https://discuss.getsol.us/d/8216-sync-deferred-04012022-for-glibc

I kindly ask if the browsers (Brave, Opera, Vivaldi, Falkon) could be updated on Stable earlier than that. Please take into account that this vulneraribility was categorized as high risk, and using these browsers can be dangerous.

Thank you in advance, kind regards

Staudey closed this task as Resolved.Apr 9 2022, 6:27 PM
Staudey claimed this task.

Fixed for Stable by today's sync.

Staudey changed the visibility from "Custom Policy" to "Public (No Login Required)".Apr 9 2022, 6:27 PM