Update to 133.0.6943.126 CVE-2025-0999: Heap buffer overflow in V8 CVE-2025-1426: Heap buffer overflow in GPU CVE-2025-1006: Use after free in Network.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c0c371a0b6
2025-02-22 01:28:28.213453+00:00
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 40
Version     : 133.0.6943.126
Release     : 1.fc40
URL         : http://www.chromium.org/Home
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to 133.0.6943.126
CVE-2025-0999: Heap buffer overflow in V8
CVE-2025-1426: Heap buffer overflow in GPU
CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 19 2025 Than Ngo - 133.0.6943.126-1
- Update to 133.0.6943.126
  * CVE-2025-0999: Heap buffer overflow in V8
  * CVE-2025-1426: Heap buffer overflow in GPU
  * CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c0c371a0b6' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list

Object corruption in V8. (CVE-2025-0611) Out of bounds memory access in V8. (CVE-2025-0612)

MGASA-2025-0029 - Updated chromium-browser-stable packages fix security vulnerabilities

Publication date: 30 Jan 2025
URL: https://advisories.mageia.org/MGASA-2025-0029.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-0611, CVE-2025-0612

Object corruption in V8. (CVE-2025-0611)
Out of bounds memory access in V8. (CVE-2025-0612)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33962
- https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html
- https://www.cve.org/CVERecord?id=CVE-2025-0611
- https://www.cve.org/CVERecord?id=CVE-2025-0612

SRPMS:
- 9/tainted/chromium-browser-stable-132.0.6834.110-1.mga9.tainted

Recent updates to the chromium-browser-stable packages address data integrity and memory handling problems, according to Mageia's most recent notice.

Severity: Critical.
LinuxSecurity.com Team

update to 120.0.6099.216 - High CVE-2024-0333: Insufficient data validation in Extensions.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-237107cece
2024-01-13 18:12:15.064739
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 38
Version     : 120.0.6099.216
Release     : 1.fc38
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 120.0.6099.216
- High CVE-2024-0333: Insufficient data validation in Extensions
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 10 2024 Than Ngo - 120.0.6099.216-1
- update to 120.0.6099.216
  * High CVE-2024-0333: Insufficient data validation in Extensions
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2257630 - CVE-2024-0333 chromium: chromium-browser: Insufficient data validation in Extensions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2257630
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-237107cece' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

update to 120.0.6099.216 - High CVE-2024-0333: Insufficient data validation in Extensions.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-01607ac0ae
2024-01-11 01:15:19.066744
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 39
Version     : 120.0.6099.216
Release     : 1.fc39
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

update to 120.0.6099.216
- High CVE-2024-0333: Insufficient data validation in Extensions
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 10 2024 Than Ngo - 120.0.6099.216-1
- update to 120.0.6099.216
  * High CVE-2024-0333: Insufficient data validation in Extensions
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2257630 - CVE-2024-0333 chromium: chromium-browser: Insufficient data validation in Extensions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2257630
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-01607ac0ae' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202309-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
     Date: September 30, 2023
     Bugs: #893660, #904252, #904394, #904560, #905297, #905620, #905883, #906586
       ID: 202309-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package                    Vulnerable        Unaffected
-------------------------  ----------------  -----------------
www-client/chromium        < 113.0.5672.126  >= 113.0.5672.126
www-client/chromium-bin    < 113.0.5672.126  Vulnerable!
www-client/google-chrome   < 113.0.5672.126  >= 113.0.5672.126
www-client/microsoft-edge  < 113.0.1774.50   >= 113.0.1774.50

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"

Gentoo has discontinued support for www-client/chromium-bin. Users
should unmerge it in favor of the above alternatives:

  # emerge --ask --depclean --verbose "www-client/chromium-bin"

References
==========

[ 1 ] CVE-2023-0696
      https://nvd.nist.gov/vuln/detail/CVE-2023-0696
[ 2 ] CVE-2023-0697
      https://nvd.nist.gov/vuln/detail/CVE-2023-0697
[ 3 ] CVE-2023-0698
      https://nvd.nist.gov/vuln/detail/CVE-2023-0698
[ 4 ] CVE-2023-0699
      https://nvd.nist.gov/vuln/detail/CVE-2023-0699
[ 5 ] CVE-2023-0700
      https://nvd.nist.gov/vuln/detail/CVE-2023-0700
[ 6 ] CVE-2023-0701
      https://nvd.nist.gov/vuln/detail/CVE-2023-0701
[ 7 ] CVE-2023-0702
      https://nvd.nist.gov/vuln/detail/CVE-2023-0702
[ 8 ] CVE-2023-0703
      https://nvd.nist.gov/vuln/detail/CVE-2023-0703
[ 9 ] CVE-2023-0704
      https://nvd.nist.gov/vuln/detail/CVE-2023-0704
[ 10 ] CVE-2023-0705
      https://nvd.nist.gov/vuln/detail/CVE-2023-0705
[ 11 ] CVE-2023-0927
      https://nvd.nist.gov/vuln/detail/CVE-2023-0927
[ 12 ] CVE-2023-0928
      https://nvd.nist.gov/vuln/detail/CVE-2023-0928
[ 13 ] CVE-2023-0929
      https://nvd.nist.gov/vuln/detail/CVE-2023-0929
[ 14 ] CVE-2023-0930
      https://nvd.nist.gov/vuln/detail/CVE-2023-0930
[ 15 ] CVE-2023-0931
      https://nvd.nist.gov/vuln/detail/CVE-2023-0931
[ 16 ] CVE-2023-0932
      https://nvd.nist.gov/vuln/detail/CVE-2023-0932
[ 17 ] CVE-2023-0933
      https://nvd.nist.gov/vuln/detail/CVE-2023-0933
[ 18 ] CVE-2023-0941
      https://nvd.nist.gov/vuln/detail/CVE-2023-0941
[ 19 ] CVE-2023-1528
      https://nvd.nist.gov/vuln/detail/CVE-2023-1528
[ 20 ] CVE-2023-1529
      https://nvd.nist.gov/vuln/detail/CVE-2023-1529
[ 21 ] CVE-2023-1530
      https://nvd.nist.gov/vuln/detail/CVE-2023-1530
[ 22 ] CVE-2023-1531
      https://nvd.nist.gov/vuln/detail/CVE-2023-1531
[ 23 ] CVE-2023-1532
      https://nvd.nist.gov/vuln/detail/CVE-2023-1532
[ 24 ] CVE-2023-1533
      https://nvd.nist.gov/vuln/detail/CVE-2023-1533
[ 25 ] CVE-2023-1534
      https://nvd.nist.gov/vuln/detail/CVE-2023-1534
[ 26 ] CVE-2023-1810
      https://nvd.nist.gov/vuln/detail/CVE-2023-1810
[ 27 ] CVE-2023-1811
      https://nvd.nist.gov/vuln/detail/CVE-2023-1811
[ 28 ] CVE-2023-1812
      https://nvd.nist.gov/vuln/detail/CVE-2023-1812
[ 29 ] CVE-2023-1813
      https://nvd.nist.gov/vuln/detail/CVE-2023-1813
[ 30 ] CVE-2023-1814
      https://nvd.nist.gov/vuln/detail/CVE-2023-1814
[ 31 ] CVE-2023-1815
      https://nvd.nist.gov/vuln/detail/CVE-2023-1815
[ 32 ] CVE-2023-1816
      https://nvd.nist.gov/vuln/detail/CVE-2023-1816
[ 33 ] CVE-2023-1817
      https://nvd.nist.gov/vuln/detail/CVE-2023-1817
[ 34 ] CVE-2023-1818
      https://nvd.nist.gov/vuln/detail/CVE-2023-1818
[ 35 ] CVE-2023-1819
      https://nvd.nist.gov/vuln/detail/CVE-2023-1819
[ 36 ] CVE-2023-1820
      https://nvd.nist.gov/vuln/detail/CVE-2023-1820
[ 37 ] CVE-2023-1821
      https://nvd.nist.gov/vuln/detail/CVE-2023-1821
[ 38 ] CVE-2023-1822
      https://nvd.nist.gov/vuln/detail/CVE-2023-1822
[ 39 ] CVE-2023-1823
      https://nvd.nist.gov/vuln/detail/CVE-2023-1823
[ 40 ] CVE-2023-2033
      https://nvd.nist.gov/vuln/detail/CVE-2023-2033
[ 41 ] CVE-2023-2133
      https://nvd.nist.gov/vuln/detail/CVE-2023-2133
[ 42 ] CVE-2023-2134
      https://nvd.nist.gov/vuln/detail/CVE-2023-2134
[ 43 ] CVE-2023-2135
      https://nvd.nist.gov/vuln/detail/CVE-2023-2135
[ 44 ] CVE-2023-2136
      https://nvd.nist.gov/vuln/detail/CVE-2023-2136
[ 45 ] CVE-2023-2137
      https://nvd.nist.gov/vuln/detail/CVE-2023-2137
[ 46 ] CVE-2023-2459
      https://nvd.nist.gov/vuln/detail/CVE-2023-2459
[ 47 ] CVE-2023-2460
      https://nvd.nist.gov/vuln/detail/CVE-2023-2460
[ 48 ] CVE-2023-2461
      https://nvd.nist.gov/vuln/detail/CVE-2023-2461
[ 49 ] CVE-2023-2462
      https://nvd.nist.gov/vuln/detail/CVE-2023-2462
[ 50 ] CVE-2023-2463
      https://nvd.nist.gov/vuln/detail/CVE-2023-2463
[ 51 ] CVE-2023-2464
      https://nvd.nist.gov/vuln/detail/CVE-2023-2464
[ 52 ] CVE-2023-2465
      https://nvd.nist.gov/vuln/detail/CVE-2023-2465
[ 53 ] CVE-2023-2466
      https://nvd.nist.gov/vuln/detail/CVE-2023-2466
[ 54 ] CVE-2023-2467
      https://nvd.nist.gov/vuln/detail/CVE-2023-2467
[ 55 ] CVE-2023-2468
      https://nvd.nist.gov/vuln/detail/CVE-2023-2468
[ 56 ] CVE-2023-2721
      https://nvd.nist.gov/vuln/detail/CVE-2023-2721
[ 57 ] CVE-2023-2722
      https://nvd.nist.gov/vuln/detail/CVE-2023-2722
[ 58 ] CVE-2023-2723
      https://nvd.nist.gov/vuln/detail/CVE-2023-2723
[ 59 ] CVE-2023-2724
      https://nvd.nist.gov/vuln/detail/CVE-2023-2724
[ 60 ] CVE-2023-2725
      https://nvd.nist.gov/vuln/detail/CVE-2023-2725
[ 61 ] CVE-2023-2726
      https://nvd.nist.gov/vuln/detail/CVE-2023-2726
[ 62 ] CVE-2023-21720
      https://nvd.nist.gov/vuln/detail/CVE-2023-21720
[ 63 ] CVE-2023-21794
      https://nvd.nist.gov/vuln/detail/CVE-2023-21794
[ 64 ] CVE-2023-23374
      https://nvd.nist.gov/vuln/detail/CVE-2023-23374
[ 65 ] CVE-2023-28261
      https://nvd.nist.gov/vuln/detail/CVE-2023-28261
[ 66 ] CVE-2023-28286
      https://nvd.nist.gov/vuln/detail/CVE-2023-28286
[ 67 ] CVE-2023-29334
      https://nvd.nist.gov/vuln/detail/CVE-2023-29334
[ 68 ] CVE-2023-29350
      https://nvd.nist.gov/vuln/detail/CVE-2023-29350
[ 69 ] CVE-2023-29354
      https://nvd.nist.gov/vuln/detail/CVE-2023-29354

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Minor update for CVE-2022-1096. Also fixes dependency issues for chrome-remote-desktop and sizing issues where some libraries/binaries were not being stripped.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-ba2c5339d4
2022-04-07 15:14:51.366181
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 34
Version     : 99.0.4844.84
Release     : 1.fc34
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Minor update for CVE-2022-1096. Also fixes dependency issues for
chrome-remote-desktop and sizing issues where some libraries/binaries were not
being stripped.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 27 2022 Tom Callaway - 99.0.4844.84-1
- update to 99.0.4844.84
- package up libremoting_core.so* for chrome-remote-desktop
- strip all the .so files (and binaries)
* Sat Mar 19 2022 Tom Callaway - 99.0.4844.74-1
- update to 99.0.4844.74
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2068954 - CVE-2022-1096 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=2068954
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-ba2c5339d4' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Update to Chromium 90.0.4430.93. Fixes the following security issues: CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214 CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ff893e12c5
2021-05-12 05:31:44.610447
--------------------------------------------------------------------------------

Name        : chromium
Product     : Fedora 32
Version     : 90.0.4430.93
Release     : 1.fc32
URL         : https://www.chromium.org/Home/
Summary     : A WebKit (Blink) powered web browser that Google doesn't want you to use
Description :
Chromium is an open-source web browser, powered by WebKit (Blink).

--------------------------------------------------------------------------------
Update Information:

Update to Chromium 90.0.4430.93. Fixes the following security issues:
CVE-2021-21206 CVE-2021-21220 CVE-2021-21201 CVE-2021-21202 CVE-2021-21203
CVE-2021-21204 CVE-2021-21221 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209
CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21214
CVE-2021-21215 CVE-2021-21216 CVE-2021-21217 CVE-2021-21218 CVE-2021-21219
CVE-2021-21205 CVE-2021-21194 CVE-2021-21195 CVE-2021-21196 CVE-2021-21197
CVE-2021-21198 CVE-2021-21199 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224
CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21232 CVE-2021-21233
CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231

If you hold your broken appliances close to the screen when you update, it
might fix them too. (fixes not guaranteed)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 27 2021 Tom Callaway - 90.0.4430.93-1
- update to 90.0.4430.93
* Wed Apr 21 2021 Tom Callaway - 90.0.4430.85-1
- update to 90.0.4430.85
* Fri Apr 16 2021 Tom Callaway - 90.0.4430.72-1
- update to 90.0.4430.72
* Wed Apr 14 2021 Tom Callaway - 89.0.4389.128-1
- update to 89.0.4389.128
* Wed Mar 31 2021 Jonathan Wakely - 89.0.4389.90-5
- Rebuilt for removed libstdc++ symbols (#1937698)
* Mon Mar 29 2021 Tom Callaway - 89.0.4389.90-4
- fix libva compile in rawhide
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1945106 - CVE-2021-21194 chromium-browser: Use after free in screen capture
        https://bugzilla.redhat.com/show_bug.cgi?id=1945106
  [ 2 ] Bug #1945107 - CVE-2021-21195 chromium-browser: Use after free in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1945107
  [ 3 ] Bug #1945108 - CVE-2021-21196 chromium-browser: Heap buffer overflow in TabStrip
        https://bugzilla.redhat.com/show_bug.cgi?id=1945108
  [ 4 ] Bug #1945109 - CVE-2021-21197 chromium-browser: Heap buffer overflow in TabStrip
        https://bugzilla.redhat.com/show_bug.cgi?id=1945109
  [ 5 ] Bug #1945110 - CVE-2021-21198 chromium-browser: Out of bounds read in IPC
        https://bugzilla.redhat.com/show_bug.cgi?id=1945110
  [ 6 ] Bug #1945111 - CVE-2021-21199 chromium-browser: Use Use after free in Aura
        https://bugzilla.redhat.com/show_bug.cgi?id=1945111
  [ 7 ] Bug #1949617 - CVE-2021-21206 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1949617
  [ 8 ] Bug #1949618 - CVE-2021-21220 chromium-browser: Insufficient validation of untrusted input in V8 for x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=1949618
  [ 9 ] Bug #1950436 - CVE-2021-21201 chromium-browser: Use after free in permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=1950436
  [ 10 ] Bug #1950437 - CVE-2021-21202 chromium-browser: Use after free in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1950437
  [ 11 ] Bug #1950438 - CVE-2021-21203 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1950438
  [ 12 ] Bug #1950439 - CVE-2021-21204 chromium-browser: Use after free in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1950439
  [ 13 ] Bug #1950440 - CVE-2021-21221 chromium-browser: Insufficient validation of untrusted input in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=1950440
  [ 14 ] Bug #1950441 - CVE-2021-21207 chromium-browser: Use after free in IndexedDB
        https://bugzilla.redhat.com/show_bug.cgi?id=1950441
  [ 15 ] Bug #1950442 - CVE-2021-21208 chromium-browser: Insufficient data validation in QR scanner
        https://bugzilla.redhat.com/show_bug.cgi?id=1950442
  [ 16 ] Bug #1950443 - CVE-2021-21209 chromium-browser: Inappropriate implementation in storage
        https://bugzilla.redhat.com/show_bug.cgi?id=1950443
  [ 17 ] Bug #1950444 - CVE-2021-21210 chromium-browser: Inappropriate implementation in Network
        https://bugzilla.redhat.com/show_bug.cgi?id=1950444
  [ 18 ] Bug #1950445 - CVE-2021-21211 chromium-browser: Inappropriate implementation in Navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1950445
  [ 19 ] Bug #1950446 - CVE-2021-21212 chromium-browser: Incorrect security UI in Network Config UI
        https://bugzilla.redhat.com/show_bug.cgi?id=1950446
  [ 20 ] Bug #1950447 - CVE-2021-21213 chromium-browser: Use after free in WebMIDI
        https://bugzilla.redhat.com/show_bug.cgi?id=1950447
  [ 21 ] Bug #1950448 - CVE-2021-21214 chromium-browser: Use after free in Network API
        https://bugzilla.redhat.com/show_bug.cgi?id=1950448
  [ 22 ] Bug #1950449 - CVE-2021-21215 chromium-browser: Inappropriate implementation in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1950449
  [ 23 ] Bug #1950450 - CVE-2021-21216 chromium-browser: Inappropriate implementation in Autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1950450
  [ 24 ] Bug #1950451 - CVE-2021-21217 chromium-browser: Uninitialized Use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1950451
  [ 25 ] Bug #1950452 - CVE-2021-21218 chromium-browser: Uninitialized Use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1950452
  [ 26 ] Bug #1950453 - CVE-2021-21219 chromium-browser: Uninitialized Use in PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1950453
  [ 27 ] Bug #1950454 - CVE-2021-21205 chromium-browser: Insufficient policy enforcement in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1950454
  [ 28 ] Bug #1951741 - CVE-2021-21222 chromium-browser: Heap buffer overflow in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1951741
  [ 29 ] Bug #1951742 - CVE-2021-21223 chromium-browser: Integer overflow in Mojo
        https://bugzilla.redhat.com/show_bug.cgi?id=1951742
  [ 30 ] Bug #1951743 - CVE-2021-21224 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1951743
  [ 31 ] Bug #1951744 - CVE-2021-21225 chromium-browser: Out of bounds memory access in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1951744
  [ 32 ] Bug #1951745 - CVE-2021-21226 chromium-browser: Use after free in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1951745
  [ 33 ] Bug #1954051 - CVE-2021-21227 chromium-browser: Insufficient data validation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1954051
  [ 34 ] Bug #1954052 - CVE-2021-21232 chromium-browser: Use after free in Dev Tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1954052
  [ 35 ] Bug #1954053 - CVE-2021-21233 chromium-browser: Heap buffer overflow in ANGLE
        https://bugzilla.redhat.com/show_bug.cgi?id=1954053
  [ 36 ] Bug #1954054 - CVE-2021-21228 chromium-browser: Insufficient policy enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1954054
  [ 37 ] Bug #1954055 - CVE-2021-21229 chromium-browser: Incorrect security UI in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1954055
  [ 38 ] Bug #1954056 - CVE-2021-21230 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1954056
  [ 39 ] Bug #1954058 - CVE-2021-21231 chromium-browser: Insufficient data validation in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1954058
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-ff893e12c5' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202101-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Chromium, Google Chrome: Multiple vulnerabilities
     Date: January 22, 2021
     Bugs: #766207
       ID: 202101-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the arbitrary execution of code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable     /  Unaffected
    -------------------------------------------------------------------
  1  www-client/chromium          < 88.0.4324.96    >= 88.0.4324.96
  2  www-client/google-chrome     < 88.0.4324.96    >= 88.0.4324.96
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/chromium-88.0.4324.96"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=www-client/google-chrome-88.0.4324.96"

References
==========

[ 1 ] CVE-2020-16044
      https://nvd.nist.gov/vuln/detail/CVE-2020-16044
[ 2 ] CVE-2021-21117
      https://nvd.nist.gov/vuln/detail/CVE-2021-21117
[ 3 ] CVE-2021-21118
      https://nvd.nist.gov/vuln/detail/CVE-2021-21118
[ 4 ] CVE-2021-21119
      https://nvd.nist.gov/vuln/detail/CVE-2021-21119
[ 5 ] CVE-2021-21120
      https://nvd.nist.gov/vuln/detail/CVE-2021-21120
[ 6 ] CVE-2021-21121
      https://nvd.nist.gov/vuln/detail/CVE-2021-21121
[ 7 ] CVE-2021-21122
      https://nvd.nist.gov/vuln/detail/CVE-2021-21122
[ 8 ] CVE-2021-21123
      https://nvd.nist.gov/vuln/detail/CVE-2021-21123
[ 9 ] CVE-2021-21124
      https://nvd.nist.gov/vuln/detail/CVE-2021-21124
[ 10 ] CVE-2021-21125
      https://nvd.nist.gov/vuln/detail/CVE-2021-21125
[ 11 ] CVE-2021-21126
      https://nvd.nist.gov/vuln/detail/CVE-2021-21126
[ 12 ] CVE-2021-21127
      https://nvd.nist.gov/vuln/detail/CVE-2021-21127
[ 13 ] CVE-2021-21128
      https://nvd.nist.gov/vuln/detail/CVE-2021-21128
[ 14 ] CVE-2021-21129
      https://nvd.nist.gov/vuln/detail/CVE-2021-21129
[ 15 ] CVE-2021-21130
      https://nvd.nist.gov/vuln/detail/CVE-2021-21130
[ 16 ] CVE-2021-21131
      https://nvd.nist.gov/vuln/detail/CVE-2021-21131
[ 17 ] CVE-2021-21132
      https://nvd.nist.gov/vuln/detail/CVE-2021-21132
[ 18 ] CVE-2021-21133
      https://nvd.nist.gov/vuln/detail/CVE-2021-21133
[ 19 ] CVE-2021-21134
      https://nvd.nist.gov/vuln/detail/CVE-2021-21134
[ 20 ] CVE-2021-21135
      https://nvd.nist.gov/vuln/detail/CVE-2021-21135
[ 21 ] CVE-2021-21136
      https://nvd.nist.gov/vuln/detail/CVE-2021-21136
[ 22 ] CVE-2021-21137
      https://nvd.nist.gov/vuln/detail/CVE-2021-21137
[ 23 ] CVE-2021-21138
      https://nvd.nist.gov/vuln/detail/CVE-2021-21138
[ 24 ] CVE-2021-21139
      https://nvd.nist.gov/vuln/detail/CVE-2021-21139
[ 25 ] CVE-2021-21140
      https://nvd.nist.gov/vuln/detail/CVE-2021-21140
[ 26 ] CVE-2021-21141
      https://nvd.nist.gov/vuln/detail/CVE-2021-21141

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-13

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to