Gentoo Archives: gentoo-announce

From: Sam James <sam@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202008-11 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Wed, 26 Aug 2020 22:41:54
Message-Id: 4C962335-8489-484C-A205-9740808A5533@gentoo.org
1 To: gentoo-announce@l.g.o
2 Subject: [ GLSA 202008-11 ] Chromium, Google Chrome: Multiple vulnerabilities
3
4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5 Gentoo Linux Security Advisory GLSA 202008-11
6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7 https://security.gentoo.org/
8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10 Severity: Normal
11 Title: Chromium, Google Chrome: Multiple vulnerabilities
12 Date: August 26, 2020
13 Bugs: #738998
14 ID: 202008-11
15
16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18 Synopsis
19 ========
20
21 Multiple vulnerabilities have been found in Chromium and Google Chrome,
22 the worst of which could result in the arbitrary execution of code.
23
24 Background
25 ==========
26
27 Chromium is an open-source browser project that aims to build a safer,
28 faster, and more stable way for all users to experience the web.
29
30 Google Chrome is one fast, simple, and secure browser for all your
31 devices.
32
33 Affected packages
34 =================
35
36 -------------------------------------------------------------------
37 Package / Vulnerable / Unaffected
38 -------------------------------------------------------------------
39 1 www-client/chromium < 85.0.4183.83 >= 85.0.4183.83
40 2 www-client/google-chrome
41 < 85.0.4183.83 >= 85.0.4183.83
42 -------------------------------------------------------------------
43 2 affected packages
44
45 Description
46 ===========
47
48 Multiple vulnerabilities have been discovered in Chromium and Google
49 Chrome. Please review the CVE identifiers referenced below for details.
50
51 Impact
52 ======
53
54 Please review the referenced CVE identifiers for details.
55
56 Workaround
57 ==========
58
59 There is no known workaround at this time.
60
61 Resolution
62 ==========
63
64 All Chromium users should upgrade to the latest version:
65
66 # emerge --sync
67 # emerge --ask --oneshot -v ">=www-client/chromium-85.0.4183.83"
68
69 All Google Chrome users should upgrade to the latest version:
70
71 # emerge --sync
72 # emerge --ask --oneshot -v ">=www-client/google-chrome-85.0.4183.83"
73
74 References
75 ==========
76
77 [ 1 ] CVE-2020-6559
78 https://nvd.nist.gov/vuln/detail/CVE-2020-6559
79 [ 2 ] CVE-2020-6560
80 https://nvd.nist.gov/vuln/detail/CVE-2020-6560
81 [ 3 ] CVE-2020-6561
82 https://nvd.nist.gov/vuln/detail/CVE-2020-6561
83 [ 4 ] CVE-2020-6562
84 https://nvd.nist.gov/vuln/detail/CVE-2020-6562
85 [ 5 ] CVE-2020-6563
86 https://nvd.nist.gov/vuln/detail/CVE-2020-6563
87 [ 6 ] CVE-2020-6564
88 https://nvd.nist.gov/vuln/detail/CVE-2020-6564
89 [ 7 ] CVE-2020-6565
90 https://nvd.nist.gov/vuln/detail/CVE-2020-6565
91 [ 8 ] CVE-2020-6566
92 https://nvd.nist.gov/vuln/detail/CVE-2020-6566
93 [ 9 ] CVE-2020-6567
94 https://nvd.nist.gov/vuln/detail/CVE-2020-6567
95 [ 10 ] CVE-2020-6568
96 https://nvd.nist.gov/vuln/detail/CVE-2020-6568
97 [ 11 ] CVE-2020-6569
98 https://nvd.nist.gov/vuln/detail/CVE-2020-6569
99 [ 12 ] CVE-2020-6570
100 https://nvd.nist.gov/vuln/detail/CVE-2020-6570
101 [ 13 ] CVE-2020-6571
102 https://nvd.nist.gov/vuln/detail/CVE-2020-6571
103 [ 14 ] Upstream advisory
104 https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_25.html
105
106 Availability
107 ============
108
109 This GLSA and any updates to it are available for viewing at
110 the Gentoo Security Website:
111
112 https://security.gentoo.org/glsa/202008-11
113
114 Concerns?
115 =========
116
117 Security is a primary focus of Gentoo Linux and ensuring the
118 confidentiality and security of our users' machines is of utmost
119 importance to us. Any security concerns should be addressed to
120 security@g.o or alternatively, you may file a bug at
121 https://bugs.gentoo.org.
122
123 License
124 =======
125
126 Copyright 2020 Gentoo Foundation, Inc; referenced text
127 belongs to its owner(s).
128
129 The contents of this document are licensed under the
130 Creative Commons - Attribution / Share Alike license.
131
132 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature