Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202003-53 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Wed, 25 Mar 2020 18:33:34
Message-Id: 2a46bae7-44b4-bc6f-4130-8df33f42ed4f@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202003-53
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: March 25, 2020
     Bugs: #713282
       ID: 202003-53

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could allow remote attackers to execute arbitrary
code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /    Vulnerable    /         Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium         < 80.0.3987.149      >= 80.0.3987.149
  2  www-client/google-chrome    < 80.0.3987.149      >= 80.0.3987.149
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers for details.

Impact
======

A remote attacker could entice a user to open a specially crafted HTML
or multimedia file using Chromium or Google Chrome, possibly resulting
in execution of arbitrary code with the privileges of the process or a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-80.0.3987.149"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge -a --oneshot -v ">=www-client/google-chrome-80.0.3987.149"

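The following script is an added example, not part of the original advisory or of Gentoo's tooling: it checks a list of installed package atoms against the vulnerable range in the "Affected packages" table. It assumes one "category/package-version" atom per line (the format `qlist -Iv` prints) and GNU `sort -V`; the function names and the sample inventory are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag installed atoms that GLSA 202003-53 lists as vulnerable.
# Assumption: input is one "category/package-version" atom per line, the
# format `qlist -Iv` prints. Version comparison relies on GNU `sort -V`.

FIXED="80.0.3987.149"   # first unaffected version, from the advisory table

# version_lt A B: true when version A is strictly older than version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads atoms on stdin, prints those inside the advisory's vulnerable range.
glsa_202003_53_affected() {
    while IFS= read -r atom; do
        case "$atom" in
            # A digit must follow the name, so google-chrome-beta and other
            # packages the advisory does not list are skipped.
            www-client/chromium-[0-9]*)      ver=${atom#www-client/chromium-} ;;
            www-client/google-chrome-[0-9]*) ver=${atom#www-client/google-chrome-} ;;
            *) continue ;;
        esac
        ver=${ver%-r[0-9]*}          # drop a Gentoo revision suffix such as -r1
        if version_lt "$ver" "$FIXED"; then
            printf '%s\n' "$atom"
        fi
    done
    return 0
}

# Constructed sample inventory (not taken from a real host).
glsa_202003_53_affected <<'EOF'
www-client/chromium-80.0.3987.132
www-client/chromium-79.0.3945.130-r1
www-client/google-chrome-80.0.3987.149
www-client/google-chrome-beta-79.0.3945.130
www-client/firefox-68.6.0
EOF
```

On a single host, `glsa-check -t 202003-53` from gentoolkit tests the installed package database against this advisory directly.
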
References
==========

[ 1 ] CVE-2020-6422
      https://nvd.nist.gov/vuln/detail/CVE-2020-6422
[ 2 ] CVE-2020-6424
      https://nvd.nist.gov/vuln/detail/CVE-2020-6424
[ 3 ] CVE-2020-6425
      https://nvd.nist.gov/vuln/detail/CVE-2020-6425
[ 4 ] CVE-2020-6426
      https://nvd.nist.gov/vuln/detail/CVE-2020-6426
[ 5 ] CVE-2020-6427
      https://nvd.nist.gov/vuln/detail/CVE-2020-6427
[ 6 ] CVE-2020-6428
      https://nvd.nist.gov/vuln/detail/CVE-2020-6428
[ 7 ] CVE-2020-6429
      https://nvd.nist.gov/vuln/detail/CVE-2020-6429
[ 8 ] CVE-2020-6449
      https://nvd.nist.gov/vuln/detail/CVE-2020-6449

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202003-53

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
