Gentoo: GLSA-202003-08: Chromium, Google Chrome: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-80.0.3987.132"
All Google Chrome users should upgrade to the latest version:
# emerge --sync
# emerge -a --oneshot -v ">=www-client/google-chrome-80.0.3987.132"
References
[ 1 ] CVE-2019-13723 https://nvd.nist.gov/vuln/detail/CVE-2019-13723 [ 2 ] CVE-2019-13724 https://nvd.nist.gov/vuln/detail/CVE-2019-13724 [ 3 ] CVE-2019-13725 https://nvd.nist.gov/vuln/detail/CVE-2019-13725 [ 4 ] CVE-2019-13726 https://nvd.nist.gov/vuln/detail/CVE-2019-13726 [ 5 ] CVE-2019-13727 https://nvd.nist.gov/vuln/detail/CVE-2019-13727 [ 6 ] CVE-2019-13728 https://nvd.nist.gov/vuln/detail/CVE-2019-13728 [ 7 ] CVE-2019-13729 https://nvd.nist.gov/vuln/detail/CVE-2019-13729 [ 8 ] CVE-2019-13730 https://nvd.nist.gov/vuln/detail/CVE-2019-13730 [ 9 ] CVE-2019-13732 https://nvd.nist.gov/vuln/detail/CVE-2019-13732 [ 10 ] CVE-2019-13734 https://nvd.nist.gov/vuln/detail/CVE-2019-13734 [ 11 ] CVE-2019-13735 https://nvd.nist.gov/vuln/detail/CVE-2019-13735 [ 12 ] CVE-2019-13736 https://nvd.nist.gov/vuln/detail/CVE-2019-13736 [ 13 ] CVE-2019-13737 https://nvd.nist.gov/vuln/detail/CVE-2019-13737 [ 14 ] CVE-2019-13738 https://nvd.nist.gov/vuln/detail/CVE-2019-13738 [ 15 ] CVE-2019-13739 https://nvd.nist.gov/vuln/detail/CVE-2019-13739 [ 16 ] CVE-2019-13740 https://nvd.nist.gov/vuln/detail/CVE-2019-13740 [ 17 ] CVE-2019-13741 https://nvd.nist.gov/vuln/detail/CVE-2019-13741 [ 18 ] CVE-2019-13742 https://nvd.nist.gov/vuln/detail/CVE-2019-13742 [ 19 ] CVE-2019-13743 https://nvd.nist.gov/vuln/detail/CVE-2019-13743 [ 20 ] CVE-2019-13744 https://nvd.nist.gov/vuln/detail/CVE-2019-13744 [ 21 ] CVE-2019-13745 https://nvd.nist.gov/vuln/detail/CVE-2019-13745 [ 22 ] CVE-2019-13746 https://nvd.nist.gov/vuln/detail/CVE-2019-13746 [ 23 ] CVE-2019-13747 https://nvd.nist.gov/vuln/detail/CVE-2019-13747 [ 24 ] CVE-2019-13748 https://nvd.nist.gov/vuln/detail/CVE-2019-13748 [ 25 ] CVE-2019-13749 https://nvd.nist.gov/vuln/detail/CVE-2019-13749 [ 26 ] CVE-2019-13750 https://nvd.nist.gov/vuln/detail/CVE-2019-13750 [ 27 ] CVE-2019-13751 https://nvd.nist.gov/vuln/detail/CVE-2019-13751 [ 28 ] CVE-2019-13752 https://nvd.nist.gov/vuln/detail/CVE-2019-13752 [ 29 ] CVE-2019-13753 https://nvd.nist.gov/vuln/detail/CVE-2019-13753 [ 30 ] CVE-2019-13754 https://nvd.nist.gov/vuln/detail/CVE-2019-13754 [ 31 ] CVE-2019-13755 https://nvd.nist.gov/vuln/detail/CVE-2019-13755 [ 32 ] CVE-2019-13756 https://nvd.nist.gov/vuln/detail/CVE-2019-13756 [ 33 ] CVE-2019-13757 https://nvd.nist.gov/vuln/detail/CVE-2019-13757 [ 34 ] CVE-2019-13758 https://nvd.nist.gov/vuln/detail/CVE-2019-13758 [ 35 ] CVE-2019-13759 https://nvd.nist.gov/vuln/detail/CVE-2019-13759 [ 36 ] CVE-2019-13761 https://nvd.nist.gov/vuln/detail/CVE-2019-13761 [ 37 ] CVE-2019-13762 https://nvd.nist.gov/vuln/detail/CVE-2019-13762 [ 38 ] CVE-2019-13763 https://nvd.nist.gov/vuln/detail/CVE-2019-13763 [ 39 ] CVE-2019-13764 https://nvd.nist.gov/vuln/detail/CVE-2019-13764 [ 40 ] CVE-2019-13767 https://nvd.nist.gov/vuln/detail/CVE-2019-13767 [ 41 ] CVE-2020-6377 https://nvd.nist.gov/vuln/detail/CVE-2020-6377 [ 42 ] CVE-2020-6378 https://nvd.nist.gov/vuln/detail/CVE-2020-6378 [ 43 ] CVE-2020-6379 https://nvd.nist.gov/vuln/detail/CVE-2020-6379 [ 44 ] CVE-2020-6380 https://nvd.nist.gov/vuln/detail/CVE-2020-6380 [ 45 ] CVE-2020-6381 https://nvd.nist.gov/vuln/detail/CVE-2020-6381 [ 46 ] CVE-2020-6382 https://nvd.nist.gov/vuln/detail/CVE-2020-6382 [ 47 ] CVE-2020-6385 https://nvd.nist.gov/vuln/detail/CVE-2020-6385 [ 48 ] CVE-2020-6387 https://nvd.nist.gov/vuln/detail/CVE-2020-6387 [ 49 ] CVE-2020-6388 https://nvd.nist.gov/vuln/detail/CVE-2020-6388 [ 50 ] CVE-2020-6389 https://nvd.nist.gov/vuln/detail/CVE-2020-6389 [ 51 ] CVE-2020-6390 https://nvd.nist.gov/vuln/detail/CVE-2020-6390 [ 52 ] CVE-2020-6391 https://nvd.nist.gov/vuln/detail/CVE-2020-6391 [ 53 ] CVE-2020-6392 https://nvd.nist.gov/vuln/detail/CVE-2020-6392 [ 54 ] CVE-2020-6393 https://nvd.nist.gov/vuln/detail/CVE-2020-6393 [ 55 ] CVE-2020-6394 https://nvd.nist.gov/vuln/detail/CVE-2020-6394 [ 56 ] CVE-2020-6395 https://nvd.nist.gov/vuln/detail/CVE-2020-6395 [ 57 ] CVE-2020-6396 https://nvd.nist.gov/vuln/detail/CVE-2020-6396 [ 58 ] CVE-2020-6397 https://nvd.nist.gov/vuln/detail/CVE-2020-6397 [ 59 ] CVE-2020-6398 https://nvd.nist.gov/vuln/detail/CVE-2020-6398 [ 60 ] CVE-2020-6399 https://nvd.nist.gov/vuln/detail/CVE-2020-6399 [ 61 ] CVE-2020-6400 https://nvd.nist.gov/vuln/detail/CVE-2020-6400 [ 62 ] CVE-2020-6401 https://nvd.nist.gov/vuln/detail/CVE-2020-6401 [ 63 ] CVE-2020-6402 https://nvd.nist.gov/vuln/detail/CVE-2020-6402 [ 64 ] CVE-2020-6403 https://nvd.nist.gov/vuln/detail/CVE-2020-6403 [ 65 ] CVE-2020-6404 https://nvd.nist.gov/vuln/detail/CVE-2020-6404 [ 66 ] CVE-2020-6406 https://nvd.nist.gov/vuln/detail/CVE-2020-6406 [ 67 ] CVE-2020-6407 https://nvd.nist.gov/vuln/detail/CVE-2020-6407 [ 68 ] CVE-2020-6408 https://nvd.nist.gov/vuln/detail/CVE-2020-6408 [ 69 ] CVE-2020-6409 https://nvd.nist.gov/vuln/detail/CVE-2020-6409 [ 70 ] CVE-2020-6410 https://nvd.nist.gov/vuln/detail/CVE-2020-6410 [ 71 ] CVE-2020-6411 https://nvd.nist.gov/vuln/detail/CVE-2020-6411 [ 72 ] CVE-2020-6412 https://nvd.nist.gov/vuln/detail/CVE-2020-6412 [ 73 ] CVE-2020-6413 https://nvd.nist.gov/vuln/detail/CVE-2020-6413 [ 74 ] CVE-2020-6414 https://nvd.nist.gov/vuln/detail/CVE-2020-6414 [ 75 ] CVE-2020-6415 https://nvd.nist.gov/vuln/detail/CVE-2020-6415 [ 76 ] CVE-2020-6416 https://nvd.nist.gov/vuln/detail/CVE-2020-6416 [ 77 ] CVE-2020-6418 https://nvd.nist.gov/vuln/detail/CVE-2020-6418 [ 78 ] CVE-2020-6420 https://nvd.nist.gov/vuln/detail/CVE-2020-6420
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-08
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code.
Background
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 80.0.3987.132 >= 80.0.3987.132 2 www-client/google-chrome < 80.0.3987.132 >= 80.0.3987.132 ------------------------------------------------------------------- 2 affected packages
Impact
===== A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.