Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202101-13 ] Chromium, Google Chrome: Multiple vulnerabilities
Date: Fri, 22 Jan 2021 16:29:55
Message-Id: YAr5eSfHQ4scnSoW@samurai
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202101-13
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Chromium, Google Chrome: Multiple vulnerabilities
9 Date: January 22, 2021
10 Bugs: #766207
11 ID: 202101-13
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Chromium and Google Chrome,
19 the worst of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Chromium is an open-source browser project that aims to build a safer,
25 faster, and more stable way for all users to experience the web.
26
27 Google Chrome is one fast, simple, and secure browser for all your
28 devices.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 www-client/chromium < 88.0.4324.96 >= 88.0.4324.96
37 2 www-client/google-chrome
38 < 88.0.4324.96 >= 88.0.4324.96
39 -------------------------------------------------------------------
40 2 affected packages
41
42 Description
43 ===========
44
45 Multiple vulnerabilities have been discovered in Chromium and Google
46 Chrome. Please review the CVE identifiers referenced below for details.
47
48 Impact
49 ======
50
51 Please review the referenced CVE identifiers for details.
52
53 Workaround
54 ==========
55
56 There is no known workaround at this time.
57
58 Resolution
59 ==========
60
61 All Chromium users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot -v ">=www-client/chromium-88.0.4324.96"
65
66 All Google Chrome users should upgrade to the latest version:
67
68 # emerge --sync
69 # emerge --ask --oneshot -v ">=www-client/google-chrome-88.0.4324.96"
70
71 References
72 ==========
73
74 [ 1 ] CVE-2020-16044
75 https://nvd.nist.gov/vuln/detail/CVE-2020-16044
76 [ 2 ] CVE-2021-21117
77 https://nvd.nist.gov/vuln/detail/CVE-2021-21117
78 [ 3 ] CVE-2021-21118
79 https://nvd.nist.gov/vuln/detail/CVE-2021-21118
80 [ 4 ] CVE-2021-21119
81 https://nvd.nist.gov/vuln/detail/CVE-2021-21119
82 [ 5 ] CVE-2021-21120
83 https://nvd.nist.gov/vuln/detail/CVE-2021-21120
84 [ 6 ] CVE-2021-21121
85 https://nvd.nist.gov/vuln/detail/CVE-2021-21121
86 [ 7 ] CVE-2021-21122
87 https://nvd.nist.gov/vuln/detail/CVE-2021-21122
88 [ 8 ] CVE-2021-21123
89 https://nvd.nist.gov/vuln/detail/CVE-2021-21123
90 [ 9 ] CVE-2021-21124
91 https://nvd.nist.gov/vuln/detail/CVE-2021-21124
92 [ 10 ] CVE-2021-21125
93 https://nvd.nist.gov/vuln/detail/CVE-2021-21125
94 [ 11 ] CVE-2021-21126
95 https://nvd.nist.gov/vuln/detail/CVE-2021-21126
96 [ 12 ] CVE-2021-21127
97 https://nvd.nist.gov/vuln/detail/CVE-2021-21127
98 [ 13 ] CVE-2021-21128
99 https://nvd.nist.gov/vuln/detail/CVE-2021-21128
100 [ 14 ] CVE-2021-21129
101 https://nvd.nist.gov/vuln/detail/CVE-2021-21129
102 [ 15 ] CVE-2021-21130
103 https://nvd.nist.gov/vuln/detail/CVE-2021-21130
104 [ 16 ] CVE-2021-21131
105 https://nvd.nist.gov/vuln/detail/CVE-2021-21131
106 [ 17 ] CVE-2021-21132
107 https://nvd.nist.gov/vuln/detail/CVE-2021-21132
108 [ 18 ] CVE-2021-21133
109 https://nvd.nist.gov/vuln/detail/CVE-2021-21133
110 [ 19 ] CVE-2021-21134
111 https://nvd.nist.gov/vuln/detail/CVE-2021-21134
112 [ 20 ] CVE-2021-21135
113 https://nvd.nist.gov/vuln/detail/CVE-2021-21135
114 [ 21 ] CVE-2021-21136
115 https://nvd.nist.gov/vuln/detail/CVE-2021-21136
116 [ 22 ] CVE-2021-21137
117 https://nvd.nist.gov/vuln/detail/CVE-2021-21137
118 [ 23 ] CVE-2021-21138
119 https://nvd.nist.gov/vuln/detail/CVE-2021-21138
120 [ 24 ] CVE-2021-21139
121 https://nvd.nist.gov/vuln/detail/CVE-2021-21139
122 [ 25 ] CVE-2021-21140
123 https://nvd.nist.gov/vuln/detail/CVE-2021-21140
124 [ 26 ] CVE-2021-21141
125 https://nvd.nist.gov/vuln/detail/CVE-2021-21141
126
127 Availability
128 ============
129
130 This GLSA and any updates to it are available for viewing at
131 the Gentoo Security Website:
132
133 https://security.gentoo.org/glsa/202101-13
134
135 Concerns?
136 =========
137
138 Security is a primary focus of Gentoo Linux and ensuring the
139 confidentiality and security of our users' machines is of utmost
140 importance to us. Any security concerns should be addressed to
141 security@g.o or alternatively, you may file a bug at
142 https://bugs.gentoo.org.
143
144 License
145 =======
146
147 Copyright 2021 Gentoo Foundation, Inc; referenced text
148 belongs to its owner(s).
149
150 The contents of this document are licensed under the
151 Creative Commons - Attribution / Share Alike license.
152
153 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups