Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202008-07 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Wed, 12 Aug 2020 06:08:11
Message-Id: E12D1B19-43F7-4ED9-B19C-4CF75DD3FCAE@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202008-07
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: August 12, 2020
10 Bugs: #736659
11 ID: 202008-07
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 84.0.4147.125 >= 84.0.4147.125
37 2 www-client/google-chrome
38 < 84.0.4147.125 >= 84.0.4147.125
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-84.0.4147.125"
65
66 All Google Chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge -a --oneshot -v ">=www-client/google-chrome-84.0.4147.125"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2020-6542
75 https://nvd.nist.gov/vuln/detail/CVE-2020-6542
76 [ 2 ] CVE-2020-6543
77 https://nvd.nist.gov/vuln/detail/CVE-2020-6543
78 [ 3 ] CVE-2020-6544
79 https://nvd.nist.gov/vuln/detail/CVE-2020-6544
80 [ 4 ] CVE-2020-6545
81 https://nvd.nist.gov/vuln/detail/CVE-2020-6545
82 [ 5 ] CVE-2020-6547
83 https://nvd.nist.gov/vuln/detail/CVE-2020-6547
84 [ 6 ] CVE-2020-6548
85 https://nvd.nist.gov/vuln/detail/CVE-2020-6548
86 [ 7 ] CVE-2020-6549
87 https://nvd.nist.gov/vuln/detail/CVE-2020-6549
88 [ 8 ] CVE-2020-6550
89 https://nvd.nist.gov/vuln/detail/CVE-2020-6550
90 [ 9 ] CVE-2020-6551
91 https://nvd.nist.gov/vuln/detail/CVE-2020-6551
92 [ 10 ] CVE-2020-6552
93 https://nvd.nist.gov/vuln/detail/CVE-2020-6552
94 [ 11 ] CVE-2020-6553
95 https://nvd.nist.gov/vuln/detail/CVE-2020-6553
96 [ 12 ] CVE-2020-6554
97 https://nvd.nist.gov/vuln/detail/CVE-2020-6554
98 [ 13 ] CVE-2020-6555
99 https://nvd.nist.gov/vuln/detail/CVE-2020-6555
100 [ 14 ] Upstream advisory
101 https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
102
103 Availability
104 ============
105
106 This GLSA and any updates to it are available for viewing at
107 the Gentoo Security Website:
108
109 https://security.gentoo.org/glsa/202008-07
110
111 Concerns?
112 =========
113
114 Security is a primary focus of Gentoo Linux and ensuring the
115 confidentiality and security of our users' machines is of utmost
116 importance to us. Any security concerns should be addressed to
117 security@g.o or alternatively, you may file a bug at
118 https://bugs.gentoo.org.
119
120 License
121 =======
122
123 Copyright 2020 Gentoo Foundation, Inc; referenced text
124 belongs to its owner(s).
125
126 The contents of this document are licensed under the
127 Creative Commons - Attribution / Share Alike license.
128
129 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature