Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202003-08 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Fri, 13 Mar 2020 03:18:54
Message-Id: c872bec9-19ff-2ae2-3ee1-73f8a85ffda5@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202003-08
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: March 13, 2020
10 Bugs: #699676, #700588, #702498, #703286, #704960, #705638,
11 #708322, #710760, #711570
12 ID: 202003-08
13
14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16 Synopsis
17 ========
18
19 Multiple vulnerabilities have been found in Chromium and Google Chrome,
20 the worst of which could allow remote attackers to execute arbitrary
21 code.
22
23 Background
24 ==========
25
26 Chromium is an open-source browser project that aims to build a safer,
27 faster, and more stable way for all users to experience the web.
28
29 Google Chrome is one fast, simple, and secure browser for all your
30 devices.
31
32 Affected packages
33 =================
34
35 -------------------------------------------------------------------
36 Package / Vulnerable / Unaffected
37 -------------------------------------------------------------------
38 1 www-client/chromium < 80.0.3987.132 >= 80.0.3987.132
39 2 www-client/google-chrome
40 < 80.0.3987.132 >= 80.0.3987.132
41 -------------------------------------------------------------------
42 2 affected packages
43
44 Description
45 ===========
46
47 Multiple vulnerabilities have been discovered in Chromium and Google
48 Chrome. Please review the referenced CVE identifiers and Google Chrome
49 Releases for details.
50
51 Impact
52 ======
53
54 A remote attacker could execute arbitrary code, escalate privileges,
55 obtain sensitive information, spoof an URL or cause a Denial of Service
56 condition.
57
58 Workaround
59 ==========
60
61 There is no known workaround at this time.
62
63 Resolution
64 ==========
65
66 All Chromium users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot -v ">=www-client/chromium-80.0.3987.132"
70
71 All Google Chrome users should upgrade to the latest version:
72
73 # emerge --sync
74 # emerge -a --oneshot -v ">=www-client/google-chrome-80.0.3987.132"
75
76 References
77 ==========
78
79 [ 1 ] CVE-2019-13723
80 https://nvd.nist.gov/vuln/detail/CVE-2019-13723
81 [ 2 ] CVE-2019-13724
82 https://nvd.nist.gov/vuln/detail/CVE-2019-13724
83 [ 3 ] CVE-2019-13725
84 https://nvd.nist.gov/vuln/detail/CVE-2019-13725
85 [ 4 ] CVE-2019-13726
86 https://nvd.nist.gov/vuln/detail/CVE-2019-13726
87 [ 5 ] CVE-2019-13727
88 https://nvd.nist.gov/vuln/detail/CVE-2019-13727
89 [ 6 ] CVE-2019-13728
90 https://nvd.nist.gov/vuln/detail/CVE-2019-13728
91 [ 7 ] CVE-2019-13729
92 https://nvd.nist.gov/vuln/detail/CVE-2019-13729
93 [ 8 ] CVE-2019-13730
94 https://nvd.nist.gov/vuln/detail/CVE-2019-13730
95 [ 9 ] CVE-2019-13732
96 https://nvd.nist.gov/vuln/detail/CVE-2019-13732
97 [ 10 ] CVE-2019-13734
98 https://nvd.nist.gov/vuln/detail/CVE-2019-13734
99 [ 11 ] CVE-2019-13735
100 https://nvd.nist.gov/vuln/detail/CVE-2019-13735
101 [ 12 ] CVE-2019-13736
102 https://nvd.nist.gov/vuln/detail/CVE-2019-13736
103 [ 13 ] CVE-2019-13737
104 https://nvd.nist.gov/vuln/detail/CVE-2019-13737
105 [ 14 ] CVE-2019-13738
106 https://nvd.nist.gov/vuln/detail/CVE-2019-13738
107 [ 15 ] CVE-2019-13739
108 https://nvd.nist.gov/vuln/detail/CVE-2019-13739
109 [ 16 ] CVE-2019-13740
110 https://nvd.nist.gov/vuln/detail/CVE-2019-13740
111 [ 17 ] CVE-2019-13741
112 https://nvd.nist.gov/vuln/detail/CVE-2019-13741
113 [ 18 ] CVE-2019-13742
114 https://nvd.nist.gov/vuln/detail/CVE-2019-13742
115 [ 19 ] CVE-2019-13743
116 https://nvd.nist.gov/vuln/detail/CVE-2019-13743
117 [ 20 ] CVE-2019-13744
118 https://nvd.nist.gov/vuln/detail/CVE-2019-13744
119 [ 21 ] CVE-2019-13745
120 https://nvd.nist.gov/vuln/detail/CVE-2019-13745
121 [ 22 ] CVE-2019-13746
122 https://nvd.nist.gov/vuln/detail/CVE-2019-13746
123 [ 23 ] CVE-2019-13747
124 https://nvd.nist.gov/vuln/detail/CVE-2019-13747
125 [ 24 ] CVE-2019-13748
126 https://nvd.nist.gov/vuln/detail/CVE-2019-13748
127 [ 25 ] CVE-2019-13749
128 https://nvd.nist.gov/vuln/detail/CVE-2019-13749
129 [ 26 ] CVE-2019-13750
130 https://nvd.nist.gov/vuln/detail/CVE-2019-13750
131 [ 27 ] CVE-2019-13751
132 https://nvd.nist.gov/vuln/detail/CVE-2019-13751
133 [ 28 ] CVE-2019-13752
134 https://nvd.nist.gov/vuln/detail/CVE-2019-13752
135 [ 29 ] CVE-2019-13753
136 https://nvd.nist.gov/vuln/detail/CVE-2019-13753
137 [ 30 ] CVE-2019-13754
138 https://nvd.nist.gov/vuln/detail/CVE-2019-13754
139 [ 31 ] CVE-2019-13755
140 https://nvd.nist.gov/vuln/detail/CVE-2019-13755
141 [ 32 ] CVE-2019-13756
142 https://nvd.nist.gov/vuln/detail/CVE-2019-13756
143 [ 33 ] CVE-2019-13757
144 https://nvd.nist.gov/vuln/detail/CVE-2019-13757
145 [ 34 ] CVE-2019-13758
146 https://nvd.nist.gov/vuln/detail/CVE-2019-13758
147 [ 35 ] CVE-2019-13759
148 https://nvd.nist.gov/vuln/detail/CVE-2019-13759
149 [ 36 ] CVE-2019-13761
150 https://nvd.nist.gov/vuln/detail/CVE-2019-13761
151 [ 37 ] CVE-2019-13762
152 https://nvd.nist.gov/vuln/detail/CVE-2019-13762
153 [ 38 ] CVE-2019-13763
154 https://nvd.nist.gov/vuln/detail/CVE-2019-13763
155 [ 39 ] CVE-2019-13764
156 https://nvd.nist.gov/vuln/detail/CVE-2019-13764
157 [ 40 ] CVE-2019-13767
158 https://nvd.nist.gov/vuln/detail/CVE-2019-13767
159 [ 41 ] CVE-2020-6377
160 https://nvd.nist.gov/vuln/detail/CVE-2020-6377
161 [ 42 ] CVE-2020-6378
162 https://nvd.nist.gov/vuln/detail/CVE-2020-6378
163 [ 43 ] CVE-2020-6379
164 https://nvd.nist.gov/vuln/detail/CVE-2020-6379
165 [ 44 ] CVE-2020-6380
166 https://nvd.nist.gov/vuln/detail/CVE-2020-6380
167 [ 45 ] CVE-2020-6381
168 https://nvd.nist.gov/vuln/detail/CVE-2020-6381
169 [ 46 ] CVE-2020-6382
170 https://nvd.nist.gov/vuln/detail/CVE-2020-6382
171 [ 47 ] CVE-2020-6385
172 https://nvd.nist.gov/vuln/detail/CVE-2020-6385
173 [ 48 ] CVE-2020-6387
174 https://nvd.nist.gov/vuln/detail/CVE-2020-6387
175 [ 49 ] CVE-2020-6388
176 https://nvd.nist.gov/vuln/detail/CVE-2020-6388
177 [ 50 ] CVE-2020-6389
178 https://nvd.nist.gov/vuln/detail/CVE-2020-6389
179 [ 51 ] CVE-2020-6390
180 https://nvd.nist.gov/vuln/detail/CVE-2020-6390
181 [ 52 ] CVE-2020-6391
182 https://nvd.nist.gov/vuln/detail/CVE-2020-6391
183 [ 53 ] CVE-2020-6392
184 https://nvd.nist.gov/vuln/detail/CVE-2020-6392
185 [ 54 ] CVE-2020-6393
186 https://nvd.nist.gov/vuln/detail/CVE-2020-6393
187 [ 55 ] CVE-2020-6394
188 https://nvd.nist.gov/vuln/detail/CVE-2020-6394
189 [ 56 ] CVE-2020-6395
190 https://nvd.nist.gov/vuln/detail/CVE-2020-6395
191 [ 57 ] CVE-2020-6396
192 https://nvd.nist.gov/vuln/detail/CVE-2020-6396
193 [ 58 ] CVE-2020-6397
194 https://nvd.nist.gov/vuln/detail/CVE-2020-6397
195 [ 59 ] CVE-2020-6398
196 https://nvd.nist.gov/vuln/detail/CVE-2020-6398
197 [ 60 ] CVE-2020-6399
198 https://nvd.nist.gov/vuln/detail/CVE-2020-6399
199 [ 61 ] CVE-2020-6400
200 https://nvd.nist.gov/vuln/detail/CVE-2020-6400
201 [ 62 ] CVE-2020-6401
202 https://nvd.nist.gov/vuln/detail/CVE-2020-6401
203 [ 63 ] CVE-2020-6402
204 https://nvd.nist.gov/vuln/detail/CVE-2020-6402
205 [ 64 ] CVE-2020-6403
206 https://nvd.nist.gov/vuln/detail/CVE-2020-6403
207 [ 65 ] CVE-2020-6404
208 https://nvd.nist.gov/vuln/detail/CVE-2020-6404
209 [ 66 ] CVE-2020-6406
210 https://nvd.nist.gov/vuln/detail/CVE-2020-6406
211 [ 67 ] CVE-2020-6407
212 https://nvd.nist.gov/vuln/detail/CVE-2020-6407
213 [ 68 ] CVE-2020-6408
214 https://nvd.nist.gov/vuln/detail/CVE-2020-6408
215 [ 69 ] CVE-2020-6409
216 https://nvd.nist.gov/vuln/detail/CVE-2020-6409
217 [ 70 ] CVE-2020-6410
218 https://nvd.nist.gov/vuln/detail/CVE-2020-6410
219 [ 71 ] CVE-2020-6411
220 https://nvd.nist.gov/vuln/detail/CVE-2020-6411
221 [ 72 ] CVE-2020-6412
222 https://nvd.nist.gov/vuln/detail/CVE-2020-6412
223 [ 73 ] CVE-2020-6413
224 https://nvd.nist.gov/vuln/detail/CVE-2020-6413
225 [ 74 ] CVE-2020-6414
226 https://nvd.nist.gov/vuln/detail/CVE-2020-6414
227 [ 75 ] CVE-2020-6415
228 https://nvd.nist.gov/vuln/detail/CVE-2020-6415
229 [ 76 ] CVE-2020-6416
230 https://nvd.nist.gov/vuln/detail/CVE-2020-6416
231 [ 77 ] CVE-2020-6418
232 https://nvd.nist.gov/vuln/detail/CVE-2020-6418
233 [ 78 ] CVE-2020-6420
234 https://nvd.nist.gov/vuln/detail/CVE-2020-6420
235
236 Availability
237 ============
238
239 This GLSA and any updates to it are available for viewing at
240 the Gentoo Security Website:
241
242 https://security.gentoo.org/glsa/202003-08
243
244 Concerns?
245 =========
246
247 Security is a primary focus of Gentoo Linux and ensuring the
248 confidentiality and security of our users' machines is of utmost
249 importance to us. Any security concerns should be addressed to
250 security@g.o or alternatively, you may file a bug at
251 https://bugs.gentoo.org.
252
253 License
254 =======
255
256 Copyright 2020 Gentoo Foundation, Inc; referenced text
257 belongs to its owner(s).
258
259 The contents of this document are licensed under the
260 Creative Commons - Attribution / Share Alike license.
261
262 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups