[gentoo-announce] [ GLSA 202005-13 ] Chromium, Google Chrome: Multiple vulnerabilities - gentoo-announce

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202005-13 ] Chromium, Google Chrome: Multiple vulnerabilities
Date:	Thu, 14 May 2020 22:37:19
Message-Id:	`002fd3e1-e2f6-4eb4-c857-d7599a5910f4@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202005-13

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Chromium, Google Chrome: Multiple vulnerabilities

9

     Date: May 14, 2020

10

     Bugs: #719902, #721310

11

       ID: 202005-13

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Chromium and Google Chrome,

19

the worst of which could result in the arbitrary execution of code.

20

21

Background

22

==========

23

24

Chromium is an open-source browser project that aims to build a safer,

25

faster, and more stable way for all users to experience the web.

26

27

Google Chrome is one fast, simple, and secure browser for all your

28

devices.

29

30

Affected packages

31

=================

32

33

    -------------------------------------------------------------------

34

     Package              /     Vulnerable     /            Unaffected

35

    -------------------------------------------------------------------

36

  1  www-client/chromium      < 81.0.4044.138        >= 81.0.4044.138

37

  2  www-client/google-chrome

38

                              < 81.0.4044.138        >= 81.0.4044.138

39

    -------------------------------------------------------------------

40

     2 affected packages

41

42

Description

43

===========

44

45

Multiple vulnerabilities have been discovered in Chromium and Google

46

Chrome. Please review the CVE identifiers referenced below for details.

47

48

Impact

49

======

50

51

Please review the referenced CVE identifiers for details.

52

53

Workaround

54

==========

55

56

There is no known workaround at this time.

57

58

Resolution

59

==========

60

61

All Chromium users should upgrade to the latest version:

62

63

  # emerge --sync

64

  # emerge --ask --oneshot -v ">=www-client/chromium-81.0.4044.138"

65

66

All Google Chrome users should upgrade to the latest version:

67

68

  # emerge --sync

69

  # emerge -a --oneshot -v ">=www-client/google-chrome-81.0.4044.138"

70

71

References

72

==========

73

74

[ 1 ] CVE-2020-6461

75

      https://nvd.nist.gov/vuln/detail/CVE-2020-6461

76

[ 2 ] CVE-2020-6462

77

      https://nvd.nist.gov/vuln/detail/CVE-2020-6462

78

[ 3 ] CVE-2020-6464

79

      https://nvd.nist.gov/vuln/detail/CVE-2020-6464

80

[ 4 ] Release notes (81.0.4044.129)

81

82

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html

83

[ 5 ] Release notes (81.0.4044.138)

84

85

https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html

86

87

Availability

88

============

89

90

This GLSA and any updates to it are available for viewing at

91

the Gentoo Security Website:

92

93

 https://security.gentoo.org/glsa/202005-13

94

95

Concerns?

96

=========

97

98

Security is a primary focus of Gentoo Linux and ensuring the

99

confidentiality and security of our users' machines is of utmost

100

importance to us. Any security concerns should be addressed to

101

security@g.o or alternatively, you may file a bug at

102

https://bugs.gentoo.org.

103

104

License

105

=======

106

107

Copyright 2020 Gentoo Foundation, Inc; referenced text

108

belongs to its owner(s).

109

110

The contents of this document are licensed under the

111

Creative Commons - Attribution / Share Alike license.

112

113

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202005-13
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Chromium, Google Chrome: Multiple vulnerabilities
9	Date: May 14, 2020
10	Bugs: #719902, #721310
11	ID: 202005-13
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Chromium and Google Chrome,
19	the worst of which could result in the arbitrary execution of code.
20
21	Background
22	==========
23
24	Chromium is an open-source browser project that aims to build a safer,
25	faster, and more stable way for all users to experience the web.
26
27	Google Chrome is one fast, simple, and secure browser for all your
28	devices.
29
30	Affected packages
31	=================
32
33	-------------------------------------------------------------------
34	Package / Vulnerable / Unaffected
35	-------------------------------------------------------------------
36	1 www-client/chromium < 81.0.4044.138 >= 81.0.4044.138
37	2 www-client/google-chrome
38	< 81.0.4044.138 >= 81.0.4044.138
39	-------------------------------------------------------------------
40	2 affected packages
41
42	Description
43	===========
44
45	Multiple vulnerabilities have been discovered in Chromium and Google
46	Chrome. Please review the CVE identifiers referenced below for details.
47
48	Impact
49	======
50
51	Please review the referenced CVE identifiers for details.
52
53	Workaround
54	==========
55
56	There is no known workaround at this time.
57
58	Resolution
59	==========
60
61	All Chromium users should upgrade to the latest version:
62
63	# emerge --sync
64	# emerge --ask --oneshot -v ">=www-client/chromium-81.0.4044.138"
65
66	All Google Chrome users should upgrade to the latest version:
67
68	# emerge --sync
69	# emerge -a --oneshot -v ">=www-client/google-chrome-81.0.4044.138"
70
71	References
72	==========
73
74	[ 1 ] CVE-2020-6461
75	https://nvd.nist.gov/vuln/detail/CVE-2020-6461
76	[ 2 ] CVE-2020-6462
77	https://nvd.nist.gov/vuln/detail/CVE-2020-6462
78	[ 3 ] CVE-2020-6464
79	https://nvd.nist.gov/vuln/detail/CVE-2020-6464
80	[ 4 ] Release notes (81.0.4044.129)
81
82	https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
83	[ 5 ] Release notes (81.0.4044.138)
84
85	https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
86
87	Availability
88	============
89
90	This GLSA and any updates to it are available for viewing at
91	the Gentoo Security Website:
92
93	https://security.gentoo.org/glsa/202005-13
94
95	Concerns?
96	=========
97
98	Security is a primary focus of Gentoo Linux and ensuring the
99	confidentiality and security of our users' machines is of utmost
100	importance to us. Any security concerns should be addressed to
101	security@g.o or alternatively, you may file a bug at
102	https://bugs.gentoo.org.
103
104	License
105	=======
106
107	Copyright 2020 Gentoo Foundation, Inc; referenced text
108	belongs to its owner(s).
109
110	The contents of this document are licensed under the
111	Creative Commons - Attribution / Share Alike license.
112
113	https://creativecommons.org/licenses/by-sa/2.5