- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202309-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
     Date: September 30, 2023
     Bugs: #893660, #904252, #904394, #904560, #905297, #905620, #905883, #906586
       ID: 202309-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package                    Vulnerable        Unaffected
-------------------------  ----------------  -----------------
www-client/chromium        < 113.0.5672.126  >= 113.0.5672.126
www-client/chromium-bin    < 113.0.5672.126  Vulnerable!
www-client/google-chrome   < 113.0.5672.126  >= 113.0.5672.126
www-client/microsoft-edge  < 113.0.1774.50   >= 113.0.1774.50

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"

Gentoo has discontinued support for www-client/chromium-bin. Users
should unmerge it in favor of the above alternatives:

  # emerge --ask --depclean --verbose "www-client/chromium-bin"

References
==========

[ 1 ] CVE-2023-0696
      https://nvd.nist.gov/vuln/detail/CVE-2023-0696
[ 2 ] CVE-2023-0697
      https://nvd.nist.gov/vuln/detail/CVE-2023-0697
[ 3 ] CVE-2023-0698
      https://nvd.nist.gov/vuln/detail/CVE-2023-0698
[ 4 ] CVE-2023-0699
      https://nvd.nist.gov/vuln/detail/CVE-2023-0699
[ 5 ] CVE-2023-0700
      https://nvd.nist.gov/vuln/detail/CVE-2023-0700
[ 6 ] CVE-2023-0701
      https://nvd.nist.gov/vuln/detail/CVE-2023-0701
[ 7 ] CVE-2023-0702
      https://nvd.nist.gov/vuln/detail/CVE-2023-0702
[ 8 ] CVE-2023-0703
      https://nvd.nist.gov/vuln/detail/CVE-2023-0703
[ 9 ] CVE-2023-0704
      https://nvd.nist.gov/vuln/detail/CVE-2023-0704
[ 10 ] CVE-2023-0705
      https://nvd.nist.gov/vuln/detail/CVE-2023-0705
[ 11 ] CVE-2023-0927
      https://nvd.nist.gov/vuln/detail/CVE-2023-0927
[ 12 ] CVE-2023-0928
      https://nvd.nist.gov/vuln/detail/CVE-2023-0928
[ 13 ] CVE-2023-0929
      https://nvd.nist.gov/vuln/detail/CVE-2023-0929
[ 14 ] CVE-2023-0930
      https://nvd.nist.gov/vuln/detail/CVE-2023-0930
[ 15 ] CVE-2023-0931
      https://nvd.nist.gov/vuln/detail/CVE-2023-0931
[ 16 ] CVE-2023-0932
      https://nvd.nist.gov/vuln/detail/CVE-2023-0932
[ 17 ] CVE-2023-0933
      https://nvd.nist.gov/vuln/detail/CVE-2023-0933
[ 18 ] CVE-2023-0941
      https://nvd.nist.gov/vuln/detail/CVE-2023-0941
[ 19 ] CVE-2023-1528
      https://nvd.nist.gov/vuln/detail/CVE-2023-1528
[ 20 ] CVE-2023-1529
      https://nvd.nist.gov/vuln/detail/CVE-2023-1529
[ 21 ] CVE-2023-1530
      https://nvd.nist.gov/vuln/detail/CVE-2023-1530
[ 22 ] CVE-2023-1531
      https://nvd.nist.gov/vuln/detail/CVE-2023-1531
[ 23 ] CVE-2023-1532
      https://nvd.nist.gov/vuln/detail/CVE-2023-1532
[ 24 ] CVE-2023-1533
      https://nvd.nist.gov/vuln/detail/CVE-2023-1533
[ 25 ] CVE-2023-1534
      https://nvd.nist.gov/vuln/detail/CVE-2023-1534
[ 26 ] CVE-2023-1810
      https://nvd.nist.gov/vuln/detail/CVE-2023-1810
[ 27 ] CVE-2023-1811
      https://nvd.nist.gov/vuln/detail/CVE-2023-1811
[ 28 ] CVE-2023-1812
      https://nvd.nist.gov/vuln/detail/CVE-2023-1812
[ 29 ] CVE-2023-1813
      https://nvd.nist.gov/vuln/detail/CVE-2023-1813
[ 30 ] CVE-2023-1814
      https://nvd.nist.gov/vuln/detail/CVE-2023-1814
[ 31 ] CVE-2023-1815
      https://nvd.nist.gov/vuln/detail/CVE-2023-1815
[ 32 ] CVE-2023-1816
      https://nvd.nist.gov/vuln/detail/CVE-2023-1816
[ 33 ] CVE-2023-1817
      https://nvd.nist.gov/vuln/detail/CVE-2023-1817
[ 34 ] CVE-2023-1818
      https://nvd.nist.gov/vuln/detail/CVE-2023-1818
[ 35 ] CVE-2023-1819
      https://nvd.nist.gov/vuln/detail/CVE-2023-1819
[ 36 ] CVE-2023-1820
      https://nvd.nist.gov/vuln/detail/CVE-2023-1820
[ 37 ] CVE-2023-1821
      https://nvd.nist.gov/vuln/detail/CVE-2023-1821
[ 38 ] CVE-2023-1822
      https://nvd.nist.gov/vuln/detail/CVE-2023-1822
[ 39 ] CVE-2023-1823
      https://nvd.nist.gov/vuln/detail/CVE-2023-1823
[ 40 ] CVE-2023-2033
      https://nvd.nist.gov/vuln/detail/CVE-2023-2033
[ 41 ] CVE-2023-2133
      https://nvd.nist.gov/vuln/detail/CVE-2023-2133
[ 42 ] CVE-2023-2134
      https://nvd.nist.gov/vuln/detail/CVE-2023-2134
[ 43 ] CVE-2023-2135
      https://nvd.nist.gov/vuln/detail/CVE-2023-2135
[ 44 ] CVE-2023-2136
      https://nvd.nist.gov/vuln/detail/CVE-2023-2136
[ 45 ] CVE-2023-2137
      https://nvd.nist.gov/vuln/detail/CVE-2023-2137
[ 46 ] CVE-2023-2459
      https://nvd.nist.gov/vuln/detail/CVE-2023-2459
[ 47 ] CVE-2023-2460
      https://nvd.nist.gov/vuln/detail/CVE-2023-2460
[ 48 ] CVE-2023-2461
      https://nvd.nist.gov/vuln/detail/CVE-2023-2461
[ 49 ] CVE-2023-2462
      https://nvd.nist.gov/vuln/detail/CVE-2023-2462
[ 50 ] CVE-2023-2463
      https://nvd.nist.gov/vuln/detail/CVE-2023-2463
[ 51 ] CVE-2023-2464
      https://nvd.nist.gov/vuln/detail/CVE-2023-2464
[ 52 ] CVE-2023-2465
      https://nvd.nist.gov/vuln/detail/CVE-2023-2465
[ 53 ] CVE-2023-2466
      https://nvd.nist.gov/vuln/detail/CVE-2023-2466
[ 54 ] CVE-2023-2467
      https://nvd.nist.gov/vuln/detail/CVE-2023-2467
[ 55 ] CVE-2023-2468
      https://nvd.nist.gov/vuln/detail/CVE-2023-2468
[ 56 ] CVE-2023-2721
      https://nvd.nist.gov/vuln/detail/CVE-2023-2721
[ 57 ] CVE-2023-2722
      https://nvd.nist.gov/vuln/detail/CVE-2023-2722
[ 58 ] CVE-2023-2723
      https://nvd.nist.gov/vuln/detail/CVE-2023-2723
[ 59 ] CVE-2023-2724
      https://nvd.nist.gov/vuln/detail/CVE-2023-2724
[ 60 ] CVE-2023-2725
      https://nvd.nist.gov/vuln/detail/CVE-2023-2725
[ 61 ] CVE-2023-2726
      https://nvd.nist.gov/vuln/detail/CVE-2023-2726
[ 62 ] CVE-2023-21720
      https://nvd.nist.gov/vuln/detail/CVE-2023-21720
[ 63 ] CVE-2023-21794
      https://nvd.nist.gov/vuln/detail/CVE-2023-21794
[ 64 ] CVE-2023-23374
      https://nvd.nist.gov/vuln/detail/CVE-2023-23374
[ 65 ] CVE-2023-28261
      https://nvd.nist.gov/vuln/detail/CVE-2023-28261
[ 66 ] CVE-2023-28286
      https://nvd.nist.gov/vuln/detail/CVE-2023-28286
[ 67 ] CVE-2023-29334
      https://nvd.nist.gov/vuln/detail/CVE-2023-29334
[ 68 ] CVE-2023-29350
      https://nvd.nist.gov/vuln/detail/CVE-2023-29350
[ 69 ] CVE-2023-29354
      https://nvd.nist.gov/vuln/detail/CVE-2023-29354

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202309-17: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.

Summary

Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.

Resolution

All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"
All Google Chrome users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"
All Microsoft Edge users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"
Gentoo has discontinued support for www-client/chromium-bin. Users should unmerge it in favor of the above alternatives:
# emerge --ask --depclean --verbose "www-client/chromium-bin"

References

[ 1 ] CVE-2023-0696 https://nvd.nist.gov/vuln/detail/CVE-2023-0696 [ 2 ] CVE-2023-0697 https://nvd.nist.gov/vuln/detail/CVE-2023-0697 [ 3 ] CVE-2023-0698 https://nvd.nist.gov/vuln/detail/CVE-2023-0698 [ 4 ] CVE-2023-0699 https://nvd.nist.gov/vuln/detail/CVE-2023-0699 [ 5 ] CVE-2023-0700 https://nvd.nist.gov/vuln/detail/CVE-2023-0700 [ 6 ] CVE-2023-0701 https://nvd.nist.gov/vuln/detail/CVE-2023-0701 [ 7 ] CVE-2023-0702 https://nvd.nist.gov/vuln/detail/CVE-2023-0702 [ 8 ] CVE-2023-0703 https://nvd.nist.gov/vuln/detail/CVE-2023-0703 [ 9 ] CVE-2023-0704 https://nvd.nist.gov/vuln/detail/CVE-2023-0704 [ 10 ] CVE-2023-0705 https://nvd.nist.gov/vuln/detail/CVE-2023-0705 [ 11 ] CVE-2023-0927 https://nvd.nist.gov/vuln/detail/CVE-2023-0927 [ 12 ] CVE-2023-0928 https://nvd.nist.gov/vuln/detail/CVE-2023-0928 [ 13 ] CVE-2023-0929 https://nvd.nist.gov/vuln/detail/CVE-2023-0929 [ 14 ] CVE-2023-0930 https://nvd.nist.gov/vuln/detail/CVE-2023-0930 [ 15 ] CVE-2023-0931 https://nvd.nist.gov/vuln/detail/CVE-2023-0931 [ 16 ] CVE-2023-0932 https://nvd.nist.gov/vuln/detail/CVE-2023-0932 [ 17 ] CVE-2023-0933 https://nvd.nist.gov/vuln/detail/CVE-2023-0933 [ 18 ] CVE-2023-0941 https://nvd.nist.gov/vuln/detail/CVE-2023-0941 [ 19 ] CVE-2023-1528 https://nvd.nist.gov/vuln/detail/CVE-2023-1528 [ 20 ] CVE-2023-1529 https://nvd.nist.gov/vuln/detail/CVE-2023-1529 [ 21 ] CVE-2023-1530 https://nvd.nist.gov/vuln/detail/CVE-2023-1530 [ 22 ] CVE-2023-1531 https://nvd.nist.gov/vuln/detail/CVE-2023-1531 [ 23 ] CVE-2023-1532 https://nvd.nist.gov/vuln/detail/CVE-2023-1532 [ 24 ] CVE-2023-1533 https://nvd.nist.gov/vuln/detail/CVE-2023-1533 [ 25 ] CVE-2023-1534 https://nvd.nist.gov/vuln/detail/CVE-2023-1534 [ 26 ] CVE-2023-1810 https://nvd.nist.gov/vuln/detail/CVE-2023-1810 [ 27 ] CVE-2023-1811 https://nvd.nist.gov/vuln/detail/CVE-2023-1811 [ 28 ] CVE-2023-1812 https://nvd.nist.gov/vuln/detail/CVE-2023-1812 [ 29 ] CVE-2023-1813 https://nvd.nist.gov/vuln/detail/CVE-2023-1813 [ 30 ] CVE-2023-1814 https://nvd.nist.gov/vuln/detail/CVE-2023-1814 [ 31 ] CVE-2023-1815 https://nvd.nist.gov/vuln/detail/CVE-2023-1815 [ 32 ] CVE-2023-1816 https://nvd.nist.gov/vuln/detail/CVE-2023-1816 [ 33 ] CVE-2023-1817 https://nvd.nist.gov/vuln/detail/CVE-2023-1817 [ 34 ] CVE-2023-1818 https://nvd.nist.gov/vuln/detail/CVE-2023-1818 [ 35 ] CVE-2023-1819 https://nvd.nist.gov/vuln/detail/CVE-2023-1819 [ 36 ] CVE-2023-1820 https://nvd.nist.gov/vuln/detail/CVE-2023-1820 [ 37 ] CVE-2023-1821 https://nvd.nist.gov/vuln/detail/CVE-2023-1821 [ 38 ] CVE-2023-1822 https://nvd.nist.gov/vuln/detail/CVE-2023-1822 [ 39 ] CVE-2023-1823 https://nvd.nist.gov/vuln/detail/CVE-2023-1823 [ 40 ] CVE-2023-2033 https://nvd.nist.gov/vuln/detail/CVE-2023-2033 [ 41 ] CVE-2023-2133 https://nvd.nist.gov/vuln/detail/CVE-2023-2133 [ 42 ] CVE-2023-2134 https://nvd.nist.gov/vuln/detail/CVE-2023-2134 [ 43 ] CVE-2023-2135 https://nvd.nist.gov/vuln/detail/CVE-2023-2135 [ 44 ] CVE-2023-2136 https://nvd.nist.gov/vuln/detail/CVE-2023-2136 [ 45 ] CVE-2023-2137 https://nvd.nist.gov/vuln/detail/CVE-2023-2137 [ 46 ] CVE-2023-2459 https://nvd.nist.gov/vuln/detail/CVE-2023-2459 [ 47 ] CVE-2023-2460 https://nvd.nist.gov/vuln/detail/CVE-2023-2460 [ 48 ] CVE-2023-2461 https://nvd.nist.gov/vuln/detail/CVE-2023-2461 [ 49 ] CVE-2023-2462 https://nvd.nist.gov/vuln/detail/CVE-2023-2462 [ 50 ] CVE-2023-2463 https://nvd.nist.gov/vuln/detail/CVE-2023-2463 [ 51 ] CVE-2023-2464 https://nvd.nist.gov/vuln/detail/CVE-2023-2464 [ 52 ] CVE-2023-2465 https://nvd.nist.gov/vuln/detail/CVE-2023-2465 [ 53 ] CVE-2023-2466 https://nvd.nist.gov/vuln/detail/CVE-2023-2466 [ 54 ] CVE-2023-2467 https://nvd.nist.gov/vuln/detail/CVE-2023-2467 [ 55 ] CVE-2023-2468 https://nvd.nist.gov/vuln/detail/CVE-2023-2468 [ 56 ] CVE-2023-2721 https://nvd.nist.gov/vuln/detail/CVE-2023-2721 [ 57 ] CVE-2023-2722 https://nvd.nist.gov/vuln/detail/CVE-2023-2722 [ 58 ] CVE-2023-2723 https://nvd.nist.gov/vuln/detail/CVE-2023-2723 [ 59 ] CVE-2023-2724 https://nvd.nist.gov/vuln/detail/CVE-2023-2724 [ 60 ] CVE-2023-2725 https://nvd.nist.gov/vuln/detail/CVE-2023-2725 [ 61 ] CVE-2023-2726 https://nvd.nist.gov/vuln/detail/CVE-2023-2726 [ 62 ] CVE-2023-21720 https://nvd.nist.gov/vuln/detail/CVE-2023-21720 [ 63 ] CVE-2023-21794 https://nvd.nist.gov/vuln/detail/CVE-2023-21794 [ 64 ] CVE-2023-23374 https://nvd.nist.gov/vuln/detail/CVE-2023-23374 [ 65 ] CVE-2023-28261 https://nvd.nist.gov/vuln/detail/CVE-2023-28261 [ 66 ] CVE-2023-28286 https://nvd.nist.gov/vuln/detail/CVE-2023-28286 [ 67 ] CVE-2023-29334 https://nvd.nist.gov/vuln/detail/CVE-2023-29334 [ 68 ] CVE-2023-29350 https://nvd.nist.gov/vuln/detail/CVE-2023-29350 [ 69 ] CVE-2023-29354 https://nvd.nist.gov/vuln/detail/CVE-2023-29354

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202309-17

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: September 30, 2023
Bugs: #893660, #904252, #904394, #904560, #905297, #905620, #905883, #906586
ID: 202309-17

Synopsis

Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.

Background

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.

Affected Packages

Package Vulnerable Unaffected ------------------------- ---------------- ----------------- www-client/chromium < 113.0.5672.126 >= 113.0.5672.126 www-client/chromium-bin < 113.0.5672.126 Vulnerable! www-client/google-chrome < 113.0.5672.126 >= 113.0.5672.126 www-client/microsoft-edge < 113.0.1774.50 >= 113.0.1774.50

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.