chore: cherry-pick 6b4af5d82083 from chromium

[ad0p]

[M107] Fix potential OOB problem with validating command decoder

Bug: 1392715
Change-Id: If51b10cc08e5b3ca4b6012b97261347a5e4c134e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4048203
Auto-Submit: Peng Huang <penghuang@chromium.org>
Commit-Queue: Peng Huang <penghuang@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1074966}

Notes: Security: backported fix for CVE-2022-4135.

[release-clerk]

Release Notes Persisted

Security: backported fix for CVE-2022-4135.

[mgalla10]

It looks like this is still an issue for Electron v21.3.1 (using Chromium 106.0.5249.181), but I don't see any other open issue related to this CVE - are there any plans to fix this in that version?

[ad0p]

It looks like this is still an issue for Electron v21.3.1 (using Chromium 106.0.5249.181), but I don't see any other open issue related to this CVE - are there any plans to fix this in that version?

It's fixed in 106.0.5249.203, latest version is 106.0.5249.207. Should I bump version manually, or will electron-roller do it automatically? UPDATE: It's fixed in 106.0.5249.199

[mgalla10]

I'm not familiar with electron-roller or the Chromium update process in general, but the most recent v21 release didn't quite update Chromium enough (it updated to 106.0.5249.199), so maybe a manual version bump is necessary?

[mgalla10]

Given the severity of the CVE, we'd really like to get the Chromium fix into our code as quickly as we can. @ad0p, @nornagon, @ppontes - do any of you know if the next v21 release will bump update Chromium to a version that includes this fix (>= 106.0.5249.203)? Is opening a new issue this the most appropriate way to request that if not?

[nornagon]

i suspect 106.0.5249.203 was never released on win/mac/linux; was that a CrOS-only release?

roller is driven from https://chromiumdash.appspot.com/releases, we don't roll unless there's a release on a platform we support. this decision was driven by us accidentally doing a bunch of extra work for things that were Android- or CrOS-only.

so this should be manually backported to 21-x-y.

[mgalla10]

Ah, that makes sense, thanks for the info!

@ad0p Is this manual backport something you'd be willing to do since you did the backports to 19-x-y and 20-x-y (and it looks like you're doing backports to 20-x-y and 21-x-y for the recent CVE-2022-4262 fix)?

[ad0p]

Ah, that makes sense, thanks for the info!

@ad0p Is this manual backport something you'd be willing to do since you did the backports to 19-x-y and 20-x-y (and it looks like you're doing backports to 20-x-y and 21-x-y for the recent CVE-2022-4262 fix)?

Sorry, I did not realize that version 106.0.5249.199 already contains this fix, no need to backport then.