[gentoo-announce] [ GLSA 202004-12 ] Chromium, Google Chrome: Multiple vulnerabilities - gentoo-announce

From:	Thomas Deutschmann <whissi@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 202004-12 ] Chromium, Google Chrome: Multiple vulnerabilities
Date:	Thu, 23 Apr 2020 14:38:14
Message-Id:	`abe0ae10-1335-a8b0-888c-93cb26f247e7@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 202004-12

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: Chromium, Google Chrome: Multiple vulnerabilities

9

     Date: April 23, 2020

10

     Bugs: #717652, #718826

11

       ID: 202004-12

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in Chromium and Google Chrome,

19

the worst of which could allow remote attackers to execute arbitrary

20

code.

21

22

Background

23

==========

24

25

Chromium is an open-source browser project that aims to build a safer,

26

faster, and more stable way for all users to experience the web.

27

28

Google Chrome is one fast, simple, and secure browser for all your

29

devices.

30

31

Affected packages

32

=================

33

34

    -------------------------------------------------------------------

35

     Package              /     Vulnerable     /            Unaffected

36

    -------------------------------------------------------------------

37

  1  www-client/chromium      < 81.0.4044.122        >= 81.0.4044.122

38

  2  www-client/google-chrome

39

                              < 81.0.4044.122        >= 81.0.4044.122

40

    -------------------------------------------------------------------

41

     2 affected packages

42

43

Description

44

===========

45

46

Multiple vulnerabilities have been discovered in Chromium and Google

47

Chrome. Please review the referenced CVE identifiers for details.

48

49

Impact

50

======

51

52

A remote attacker could entice a user to open a specially crafted HTML

53

or multimedia file using Chromium or Google Chrome, possibly resulting

54

in execution of arbitrary code with the privileges of the process or a

55

Denial of Service condition.

56

57

Workaround

58

==========

59

60

There is no known workaround at this time.

61

62

Resolution

63

==========

64

65

All Chromium users should upgrade to the latest version:

66

67

  # emerge --sync

68

  # emerge --ask --oneshot -v ">=www-client/chromium-81.0.4044.122"

69

70

All Google Chrome users should upgrade to the latest version:

71

72

  # emerge --sync

73

  # emerge -a --oneshot -v ">=www-client/google-chrome-81.0.4044.122"

74

75

References

76

==========

77

78

[ 1 ] CVE-2020-6457

79

      https://nvd.nist.gov/vuln/detail/CVE-2020-6457

80

[ 2 ] CVE-2020-6458

81

      https://nvd.nist.gov/vuln/detail/CVE-2020-6458

82

[ 3 ] CVE-2020-6459

83

      https://nvd.nist.gov/vuln/detail/CVE-2020-6459

84

[ 4 ] CVE-2020-6460

85

      https://nvd.nist.gov/vuln/detail/CVE-2020-6460

86

87

Availability

88

============

89

90

This GLSA and any updates to it are available for viewing at

91

the Gentoo Security Website:

92

93

 https://security.gentoo.org/glsa/202004-12

94

95

Concerns?

96

=========

97

98

Security is a primary focus of Gentoo Linux and ensuring the

99

confidentiality and security of our users' machines is of utmost

100

importance to us. Any security concerns should be addressed to

101

security@g.o or alternatively, you may file a bug at

102

https://bugs.gentoo.org.

103

104

License

105

=======

106

107

Copyright 2020 Gentoo Foundation, Inc; referenced text

108

belongs to its owner(s).

109

110

The contents of this document are licensed under the

111

Creative Commons - Attribution / Share Alike license.

112

113

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 202004-12
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Chromium, Google Chrome: Multiple vulnerabilities
9	Date: April 23, 2020
10	Bugs: #717652, #718826
11	ID: 202004-12
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in Chromium and Google Chrome,
19	the worst of which could allow remote attackers to execute arbitrary
20	code.
21
22	Background
23	==========
24
25	Chromium is an open-source browser project that aims to build a safer,
26	faster, and more stable way for all users to experience the web.
27
28	Google Chrome is one fast, simple, and secure browser for all your
29	devices.
30
31	Affected packages
32	=================
33
34	-------------------------------------------------------------------
35	Package / Vulnerable / Unaffected
36	-------------------------------------------------------------------
37	1 www-client/chromium < 81.0.4044.122 >= 81.0.4044.122
38	2 www-client/google-chrome
39	< 81.0.4044.122 >= 81.0.4044.122
40	-------------------------------------------------------------------
41	2 affected packages
42
43	Description
44	===========
45
46	Multiple vulnerabilities have been discovered in Chromium and Google
47	Chrome. Please review the referenced CVE identifiers for details.
48
49	Impact
50	======
51
52	A remote attacker could entice a user to open a specially crafted HTML
53	or multimedia file using Chromium or Google Chrome, possibly resulting
54	in execution of arbitrary code with the privileges of the process or a
55	Denial of Service condition.
56
57	Workaround
58	==========
59
60	There is no known workaround at this time.
61
62	Resolution
63	==========
64
65	All Chromium users should upgrade to the latest version:
66
67	# emerge --sync
68	# emerge --ask --oneshot -v ">=www-client/chromium-81.0.4044.122"
69
70	All Google Chrome users should upgrade to the latest version:
71
72	# emerge --sync
73	# emerge -a --oneshot -v ">=www-client/google-chrome-81.0.4044.122"
74
75	References
76	==========
77
78	[ 1 ] CVE-2020-6457
79	https://nvd.nist.gov/vuln/detail/CVE-2020-6457
80	[ 2 ] CVE-2020-6458
81	https://nvd.nist.gov/vuln/detail/CVE-2020-6458
82	[ 3 ] CVE-2020-6459
83	https://nvd.nist.gov/vuln/detail/CVE-2020-6459
84	[ 4 ] CVE-2020-6460
85	https://nvd.nist.gov/vuln/detail/CVE-2020-6460
86
87	Availability
88	============
89
90	This GLSA and any updates to it are available for viewing at
91	the Gentoo Security Website:
92
93	https://security.gentoo.org/glsa/202004-12
94
95	Concerns?
96	=========
97
98	Security is a primary focus of Gentoo Linux and ensuring the
99	confidentiality and security of our users' machines is of utmost
100	importance to us. Any security concerns should be addressed to
101	security@g.o or alternatively, you may file a bug at
102	https://bugs.gentoo.org.
103
104	License
105	=======
106
107	Copyright 2020 Gentoo Foundation, Inc; referenced text
108	belongs to its owner(s).
109
110	The contents of this document are licensed under the
111	Creative Commons - Attribution / Share Alike license.
112
113	https://creativecommons.org/licenses/by-sa/2.5