Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202210-16 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: Mon, 31 Oct 2022 01:55:51
Message-Id: 166717867963.9.2981082762314598231@90bb6a0775af
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202210-16
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
9 Date: October 31, 2022
10 Bugs: #873817, #874855, #876855, #873217
11 ID: 202210-16
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and its
19 derivatives, the worst of which could result in remote code execution.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Microsoft Edge is a browser that combines a minimal design with
31 sophisticated technology to make the web faster, safer, and easier.
32
33 Affected packages
34 =================
35
36 -------------------------------------------------------------------
37 Package / Vulnerable / Unaffected
38 -------------------------------------------------------------------
39 1 www-client/chromium < 106.0.5249.119 >= 106.0.5249.119
40 2 www-client/chromium-bin < 106.0.5249.119 >= 106.0.5249.119
41 3 www-client/google-chrome < 106.0.5249.119 >= 106.0.5249.119
42 4 www-client/microsoft-edge < 106.0.1370.37 >= 106.0.1370.37
43
44 Description
45 ===========
46
47 Multiple vulnerabilities have been discovered in Chromium, Google
48 Chrome, and Microsoft Edge. Please review the CVE identifiers referenced
49 below for details.
50
51 Impact
52 ======
53
54 Please review the referenced CVE identifiers for details.
55
56 Workaround
57 ==========
58
59 There is no known workaround at this time.
60
61 Resolution
62 ==========
63
64 All Chromium users should upgrade to the latest version:
65
66 # emerge --sync
67 # emerge --ask --oneshot --verbose ">=www-client/chromium-106.0.5249.119"
68
69 All Chromium binary users should upgrade to the latest version:
70
71 # emerge --sync
72 # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-106.0.5249.119"
73
74 All Google Chrome users should upgrade to the latest version:
75
76 # emerge --sync
77 # emerge --ask --oneshot --verbose ">=www-client/google-chrome-106.0.5249.119"
78
79 All Microsoft Edge users should upgrade to the latest version:
80
81 # emerge --sync
82 # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-106.0.1370.37"
83
84 References
85 ==========
86
87 [ 1 ] CVE-2022-3201
88 https://nvd.nist.gov/vuln/detail/CVE-2022-3201
89 [ 2 ] CVE-2022-3304
90 https://nvd.nist.gov/vuln/detail/CVE-2022-3304
91 [ 3 ] CVE-2022-3305
92 https://nvd.nist.gov/vuln/detail/CVE-2022-3305
93 [ 4 ] CVE-2022-3306
94 https://nvd.nist.gov/vuln/detail/CVE-2022-3306
95 [ 5 ] CVE-2022-3307
96 https://nvd.nist.gov/vuln/detail/CVE-2022-3307
97 [ 6 ] CVE-2022-3308
98 https://nvd.nist.gov/vuln/detail/CVE-2022-3308
99 [ 7 ] CVE-2022-3309
100 https://nvd.nist.gov/vuln/detail/CVE-2022-3309
101 [ 8 ] CVE-2022-3310
102 https://nvd.nist.gov/vuln/detail/CVE-2022-3310
103 [ 9 ] CVE-2022-3311
104 https://nvd.nist.gov/vuln/detail/CVE-2022-3311
105 [ 10 ] CVE-2022-3312
106 https://nvd.nist.gov/vuln/detail/CVE-2022-3312
107 [ 11 ] CVE-2022-3313
108 https://nvd.nist.gov/vuln/detail/CVE-2022-3313
109 [ 12 ] CVE-2022-3314
110 https://nvd.nist.gov/vuln/detail/CVE-2022-3314
111 [ 13 ] CVE-2022-3315
112 https://nvd.nist.gov/vuln/detail/CVE-2022-3315
113 [ 14 ] CVE-2022-3316
114 https://nvd.nist.gov/vuln/detail/CVE-2022-3316
115 [ 15 ] CVE-2022-3317
116 https://nvd.nist.gov/vuln/detail/CVE-2022-3317
117 [ 16 ] CVE-2022-3318
118 https://nvd.nist.gov/vuln/detail/CVE-2022-3318
119 [ 17 ] CVE-2022-3370
120 https://nvd.nist.gov/vuln/detail/CVE-2022-3370
121 [ 18 ] CVE-2022-3373
122 https://nvd.nist.gov/vuln/detail/CVE-2022-3373
123 [ 19 ] CVE-2022-3445
124 https://nvd.nist.gov/vuln/detail/CVE-2022-3445
125 [ 20 ] CVE-2022-3446
126 https://nvd.nist.gov/vuln/detail/CVE-2022-3446
127 [ 21 ] CVE-2022-3447
128 https://nvd.nist.gov/vuln/detail/CVE-2022-3447
129 [ 22 ] CVE-2022-3448
130 https://nvd.nist.gov/vuln/detail/CVE-2022-3448
131 [ 23 ] CVE-2022-3449
132 https://nvd.nist.gov/vuln/detail/CVE-2022-3449
133 [ 24 ] CVE-2022-3450
134 https://nvd.nist.gov/vuln/detail/CVE-2022-3450
135 [ 25 ] CVE-2022-41035
136 https://nvd.nist.gov/vuln/detail/CVE-2022-41035
137
138 Availability
139 ============
140
141 This GLSA and any updates to it are available for viewing at
142 the Gentoo Security Website:
143
144 https://security.gentoo.org/glsa/202210-16
145
146 Concerns?
147 =========
148
149 Security is a primary focus of Gentoo Linux and ensuring the
150 confidentiality and security of our users' machines is of utmost
151 importance to us. Any security concerns should be addressed to
152 security@g.o or alternatively, you may file a bug at
153 https://bugs.gentoo.org.
154
155 License
156 =======
157
158 Copyright 2022 Gentoo Foundation, Inc; referenced text
159 belongs to its owner(s).
160
161 The contents of this document are licensed under the
162 Creative Commons - Attribution / Share Alike license.
163
164 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups