Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201804-22 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Tue, 24 Apr 2018 00:29:39
Message-Id: 20180424002820.GA3667@monkey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201804-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Chromium, Google Chrome: Multiple vulnerabilities
Date: April 24, 2018
Bugs: #653696
ID: 201804-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the execution of arbitrary code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium         < 66.0.3359.117      >= 66.0.3359.117
  2  www-client/google-chrome    < 66.0.3359.117      >= 66.0.3359.117
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers and Google Chrome
Releases for details.

Impact
======

A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-66.0.3359.117"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-66.0.3359.117"

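The following is an added example, not part of the advisory or of any Gentoo tool: a POSIX shell check that classifies installed package atoms against the fixed version in the "Affected packages" table. The function names, the status strings and the sample input are assumptions made for illustration, and it assumes purely numeric dotted versions with an optional -rN revision.

```shell
#!/bin/sh
# Added example: classify installed atoms against the fixed version taken
# from the "Affected packages" table (vulnerable: < 66.0.3359.117).
FIXED="66.0.3359.117"

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Components are compared as integers, so 66.0.3359.99 < 66.0.3359.117.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# classify ATOM: ATOM is one category/package-version line in the format
# printed by `qlist -Iv`. Prints "<package> <version> <status>".
classify() {
    atom=$1
    case $atom in
        www-client/chromium-[0-9]*)      pkg=www-client/chromium ;;
        www-client/google-chrome-[0-9]*) pkg=www-client/google-chrome ;;
        *) echo "$atom - not-covered"; return 0 ;;
    esac
    ver=${atom#"$pkg"-}
    ver=${ver%-r[0-9]*}    # drop a Gentoo revision suffix such as -r1
    if ver_lt "$ver" "$FIXED"; then
        echo "$pkg $ver VULNERABLE"
    else
        echo "$pkg $ver unaffected"
    fi
}

# Constructed sample input (not from the advisory); on a Gentoo host pipe
# in the output of: qlist -Iv www-client/chromium www-client/google-chrome
SAMPLE='www-client/chromium-65.0.3325.181-r1
www-client/google-chrome-66.0.3359.117
www-client/firefox-59.0.2'

printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
    classify "$line"
done
```

On a Gentoo system, `glsa-check -t 201804-22` (from gentoolkit) performs the same test against the advisory's own metadata.
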
References
==========

[ 1 ] CVE-2018-6085
      https://nvd.nist.gov/vuln/detail/CVE-2018-6085
[ 2 ] CVE-2018-6086
      https://nvd.nist.gov/vuln/detail/CVE-2018-6086
[ 3 ] CVE-2018-6087
      https://nvd.nist.gov/vuln/detail/CVE-2018-6087
[ 4 ] CVE-2018-6088
      https://nvd.nist.gov/vuln/detail/CVE-2018-6088
[ 5 ] CVE-2018-6089
      https://nvd.nist.gov/vuln/detail/CVE-2018-6089
[ 6 ] CVE-2018-6090
      https://nvd.nist.gov/vuln/detail/CVE-2018-6090
[ 7 ] CVE-2018-6091
      https://nvd.nist.gov/vuln/detail/CVE-2018-6091
[ 8 ] CVE-2018-6092
      https://nvd.nist.gov/vuln/detail/CVE-2018-6092
[ 9 ] CVE-2018-6093
      https://nvd.nist.gov/vuln/detail/CVE-2018-6093
[ 10 ] CVE-2018-6094
       https://nvd.nist.gov/vuln/detail/CVE-2018-6094
[ 11 ] CVE-2018-6095
       https://nvd.nist.gov/vuln/detail/CVE-2018-6095
[ 12 ] CVE-2018-6096
       https://nvd.nist.gov/vuln/detail/CVE-2018-6096
[ 13 ] CVE-2018-6097
       https://nvd.nist.gov/vuln/detail/CVE-2018-6097
[ 14 ] CVE-2018-6098
       https://nvd.nist.gov/vuln/detail/CVE-2018-6098
[ 15 ] CVE-2018-6099
       https://nvd.nist.gov/vuln/detail/CVE-2018-6099
[ 16 ] CVE-2018-6100
       https://nvd.nist.gov/vuln/detail/CVE-2018-6100
[ 17 ] CVE-2018-6101
       https://nvd.nist.gov/vuln/detail/CVE-2018-6101
[ 18 ] CVE-2018-6102
       https://nvd.nist.gov/vuln/detail/CVE-2018-6102
[ 19 ] CVE-2018-6103
       https://nvd.nist.gov/vuln/detail/CVE-2018-6103
[ 20 ] CVE-2018-6104
       https://nvd.nist.gov/vuln/detail/CVE-2018-6104
[ 21 ] CVE-2018-6105
       https://nvd.nist.gov/vuln/detail/CVE-2018-6105
[ 22 ] CVE-2018-6106
       https://nvd.nist.gov/vuln/detail/CVE-2018-6106
[ 23 ] CVE-2018-6107
       https://nvd.nist.gov/vuln/detail/CVE-2018-6107
[ 24 ] CVE-2018-6108
       https://nvd.nist.gov/vuln/detail/CVE-2018-6108
[ 25 ] CVE-2018-6109
       https://nvd.nist.gov/vuln/detail/CVE-2018-6109
[ 26 ] CVE-2018-6110
       https://nvd.nist.gov/vuln/detail/CVE-2018-6110
[ 27 ] CVE-2018-6111
       https://nvd.nist.gov/vuln/detail/CVE-2018-6111
[ 28 ] CVE-2018-6112
       https://nvd.nist.gov/vuln/detail/CVE-2018-6112
[ 29 ] CVE-2018-6113
       https://nvd.nist.gov/vuln/detail/CVE-2018-6113
[ 30 ] CVE-2018-6114
       https://nvd.nist.gov/vuln/detail/CVE-2018-6114
[ 31 ] CVE-2018-6115
       https://nvd.nist.gov/vuln/detail/CVE-2018-6115
[ 32 ] CVE-2018-6116
       https://nvd.nist.gov/vuln/detail/CVE-2018-6116
[ 33 ] CVE-2018-6117
       https://nvd.nist.gov/vuln/detail/CVE-2018-6117
[ 34 ] Google Chrome Release 20180417
       https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/201804-22

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature