Page MenuHomeSolus
Create Task
Maniphest T10211

Chrome 99.0.4844.84 fixes high risk vulnerability CVE-2022-1096
Closed, ResolvedPublic
Actions

Description

Hello

New Chrome update 99.0.4844.84 fixes high risk vulnerability [$TBD][1309225] High CVE-2022-1096: Type Confusion in V8. More detailed info:

https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

https://borncity.com/win/2022/03/25/chrome-99-0-4844-84-fixt-1-sicherheitslcke/

The vulnerability is so bad that Chromium isn't even disclosing the details until the upgrade deployment reaches critical mass. This vulnerability also affects other Chromium-based browsers, like Brave, Vivaldi, and Opera. Please update these browsers as soon as possible.

Thank you in advance, kind regards

Related Objects

Event Timeline

joluveba created this task.Mar 29 2022, 8:14 PM
Staudey added a subscriber: Staudey.Mar 29 2022, 9:06 PM

So the third-party repository has already been updated a few days ago.
Brave is also done with https://dev.getsol.us/R4107:a70ac7d4c362176a4563fc5f5aa7d2aa362be9c4
I see opera has an update available, and I'm not sure about Vivaldi because they seem to want to hide their changelog from me (okay, they're referencing some Chromium build (not version) in their changelog that I didn't investigate further) but I assume the newest version has the fix.

Staudey mentioned this in R2263:499918f23cc0: Update Opera to 85.0.4341.28.Mar 30 2022, 8:33 AM
Staudey added a comment.Mar 30 2022, 8:35 AM

Fixed for Opera and Vivaldi:

https://dev.getsol.us/R2263:499918f23cc01a8e9fb3759ac7f51ac9ae919e85
https://dev.getsol.us/R3139:d552758c3078d207de1baad5ae11581a6b78ee99
https://dev.getsol.us/R3138:75e63086670460b737f2c6cf2801df3efd62281a

joluveba added a comment.Mar 30 2022, 9:14 AM

Thank you Staudey

I wonder if it would be possible to update the browsers on Shannon before next sync (which I suppose, will take place on April 03rd). For the moment, I am avoiding using Brave, just in case.

Kind regards

joluveba added a comment.Apr 2 2022, 6:08 PM

The sync expected for 04/01 was deferred to next Friday, as posted on the Solus forum

https://discuss.getsol.us/d/8216-sync-deferred-04012022-for-glibc

I kindly ask if the browsers (Brave, Opera, Vivaldi, Falkon) could be updated on Stable earlier than that. Please take into account that this vulneraribility was categorized as high risk, and using these browsers can be dangerous.

Thank you in advance, kind regards

Staudey closed this task as Resolved.Apr 9 2022, 6:27 PM
Staudey claimed this task.

Fixed for Stable by today's sync.

Staudey changed the visibility from "Custom Policy" to "Public (No Login Required)".Apr 9 2022, 6:27 PM
Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.