Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202004-09 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Fri, 10 Apr 2020 22:03:46
Message-Id: 5f90d529-a2a2-b839-0a7a-9c7b3d00efea@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202004-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: April 10, 2020
     Bugs: #715720, #716612
       ID: 202004-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could allow remote attackers to execute arbitrary
code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /    Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium          < 81.0.4044.92        >= 81.0.4044.92
  2  www-client/google-chrome     < 81.0.4044.92        >= 81.0.4044.92
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could entice a user to open a specially crafted HTML
or multimedia file using Chromium or Google Chrome, possibly resulting
in execution of arbitrary code with the privileges of the process or a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-81.0.4044.92"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/google-chrome-81.0.4044.92"

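To confirm that a host is at or past the fixed version after the upgrade, the following script (an added example, not part of the GLSA) classifies a version string against 81.0.4044.92 from the affected-packages table. The function names `ver_lt`, `glsa_status` and `check_installed` are made up for this example, and `check_installed` assumes Portage's `portageq` is on the PATH.

```shell
#!/bin/sh
# Added example, not part of GLSA 202004-09.
FIXED="81.0.4044.92"   # first unaffected version, from the advisory table

# ver_lt A B: succeed when dotted numeric version A is strictly lower than B.
# Fields are compared as integers, so 81.0.4044.100 sorts after 81.0.4044.92.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}          # a missing field counts as 0
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1                              # equal versions are not "lower"
}

# glsa_status VERSION: print "vulnerable" or "unaffected".
# Accepts an optional Gentoo revision suffix (-rN); returns 2 on bad input.
glsa_status() {
    v=${1%-r[0-9]*}
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid"; return 2 ;;
    esac
    if ver_lt "$v" "$FIXED"; then echo "vulnerable"; else echo "unaffected"; fi
}

# check_installed PKG: on a Gentoo host, ask Portage for the installed
# version of PKG and classify it; elsewhere, say so and carry on.
check_installed() {
    pkg=$1
    command -v portageq >/dev/null 2>&1 || { echo "$pkg: portageq not found"; return 0; }
    best=$(portageq best_version / "$pkg")   # e.g. www-client/chromium-<version>
    [ -n "$best" ] || { echo "$pkg: not installed"; return 0; }
    echo "$pkg: $(glsa_status "${best#"$pkg"-}")"
}

for pkg in www-client/chromium www-client/google-chrome; do
    check_installed "$pkg"
done
```
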
References
==========

[ 1 ] CVE-2020-6423
      https://nvd.nist.gov/vuln/detail/CVE-2020-6423
[ 2 ] CVE-2020-6430
      https://nvd.nist.gov/vuln/detail/CVE-2020-6430
[ 3 ] CVE-2020-6431
      https://nvd.nist.gov/vuln/detail/CVE-2020-6431
[ 4 ] CVE-2020-6432
      https://nvd.nist.gov/vuln/detail/CVE-2020-6432
[ 5 ] CVE-2020-6433
      https://nvd.nist.gov/vuln/detail/CVE-2020-6433
[ 6 ] CVE-2020-6434
      https://nvd.nist.gov/vuln/detail/CVE-2020-6434
[ 7 ] CVE-2020-6435
      https://nvd.nist.gov/vuln/detail/CVE-2020-6435
[ 8 ] CVE-2020-6436
      https://nvd.nist.gov/vuln/detail/CVE-2020-6436
[ 9 ] CVE-2020-6437
      https://nvd.nist.gov/vuln/detail/CVE-2020-6437
[ 10 ] CVE-2020-6438
       https://nvd.nist.gov/vuln/detail/CVE-2020-6438
[ 11 ] CVE-2020-6439
       https://nvd.nist.gov/vuln/detail/CVE-2020-6439
[ 12 ] CVE-2020-6440
       https://nvd.nist.gov/vuln/detail/CVE-2020-6440
[ 13 ] CVE-2020-6441
       https://nvd.nist.gov/vuln/detail/CVE-2020-6441
[ 14 ] CVE-2020-6442
       https://nvd.nist.gov/vuln/detail/CVE-2020-6442
[ 15 ] CVE-2020-6443
       https://nvd.nist.gov/vuln/detail/CVE-2020-6443
[ 16 ] CVE-2020-6444
       https://nvd.nist.gov/vuln/detail/CVE-2020-6444
[ 17 ] CVE-2020-6445
       https://nvd.nist.gov/vuln/detail/CVE-2020-6445
[ 18 ] CVE-2020-6446
       https://nvd.nist.gov/vuln/detail/CVE-2020-6446
[ 19 ] CVE-2020-6447
       https://nvd.nist.gov/vuln/detail/CVE-2020-6447
[ 20 ] CVE-2020-6448
       https://nvd.nist.gov/vuln/detail/CVE-2020-6448
[ 21 ] CVE-2020-6450
       https://nvd.nist.gov/vuln/detail/CVE-2020-6450
[ 22 ] CVE-2020-6451
       https://nvd.nist.gov/vuln/detail/CVE-2020-6451
[ 23 ] CVE-2020-6452
       https://nvd.nist.gov/vuln/detail/CVE-2020-6452
[ 24 ] CVE-2020-6454
       https://nvd.nist.gov/vuln/detail/CVE-2020-6454
[ 25 ] CVE-2020-6455
       https://nvd.nist.gov/vuln/detail/CVE-2020-6455
[ 26 ] CVE-2020-6456
       https://nvd.nist.gov/vuln/detail/CVE-2020-6456

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202004-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
