Gentoo: GLSA-201610-09: Chromium: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-54.0.2840.59"
References
[ 1 ] CVE-2016-5127 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5127 [ 2 ] CVE-2016-5128 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5128 [ 3 ] CVE-2016-5129 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5129 [ 4 ] CVE-2016-5130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5130 [ 5 ] CVE-2016-5131 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5131 [ 6 ] CVE-2016-5132 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5132 [ 7 ] CVE-2016-5133 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5133 [ 8 ] CVE-2016-5134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5134 [ 9 ] CVE-2016-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5135 [ 10 ] CVE-2016-5136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5136 [ 11 ] CVE-2016-5137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5137 [ 12 ] CVE-2016-5138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5138 [ 13 ] CVE-2016-5139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5139 [ 14 ] CVE-2016-5140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5140 [ 15 ] CVE-2016-5141 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5141 [ 16 ] CVE-2016-5142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5142 [ 17 ] CVE-2016-5143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5143 [ 18 ] CVE-2016-5144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5144 [ 19 ] CVE-2016-5145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5145 [ 20 ] CVE-2016-5146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5146 [ 21 ] CVE-2016-5147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5147 [ 22 ] CVE-2016-5148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5148 [ 23 ] CVE-2016-5149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5149 [ 24 ] CVE-2016-5150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5150 [ 25 ] CVE-2016-5151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5151 [ 26 ] CVE-2016-5152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5152 [ 27 ] CVE-2016-5153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5153 [ 28 ] CVE-2016-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5154 [ 29 ] CVE-2016-5155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5155 [ 30 ] CVE-2016-5156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5156 [ 31 ] CVE-2016-5157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5157 [ 32 ] CVE-2016-5158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5158 [ 33 ] CVE-2016-5159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5159 [ 34 ] CVE-2016-5160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5160 [ 35 ] CVE-2016-5161 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5161 [ 36 ] CVE-2016-5162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5162 [ 37 ] CVE-2016-5163 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5163 [ 38 ] CVE-2016-5164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5164 [ 39 ] CVE-2016-5165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5165 [ 40 ] CVE-2016-5166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5166 [ 41 ] CVE-2016-5167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5167 [ 42 ] CVE-2016-5170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5170 [ 43 ] CVE-2016-5171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5171 [ 44 ] CVE-2016-5172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5172 [ 45 ] CVE-2016-5173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5173 [ 46 ] CVE-2016-5174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5174 [ 47 ] CVE-2016-5175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5175 [ 48 ] CVE-2016-5177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5177 [ 49 ] CVE-2016-5178 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5178 [ 50 ] CVE-2016-5181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5181 [ 51 ] CVE-2016-5182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5182 [ 52 ] CVE-2016-5183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5183 [ 53 ] CVE-2016-5184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5184 [ 54 ] CVE-2016-5185 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5185 [ 55 ] CVE-2016-5186 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5186 [ 56 ] CVE-2016-5187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5187 [ 57 ] CVE-2016-5188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5188 [ 58 ] CVE-2016-5189 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5189 [ 59 ] CVE-2016-5190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5190 [ 60 ] CVE-2016-5191 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5191 [ 61 ] CVE-2016-5192 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5192 [ 62 ] CVE-2016-5193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5193 [ 63 ] CVE-2016-5194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5194
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-09
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code.
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 54.0.2840.59 >= 54.0.2840.59
Impact
===== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.
Workaround
There is no known workaround at this time.