diff options
author | GLSAMaker <glsamaker@gentoo.org> | 2024-02-19 05:58:06 +0000 |
---|---|---|
committer | John Helmert III <ajak@gentoo.org> | 2024-02-18 22:10:22 -0800 |
commit | 7a125f7a086a739d056063da56386fef4fe01284 (patch) | |
tree | cef578e80809d6106002dc9396d8efa3c8c86e84 | |
parent | [ GLSA 202402-22 ] intel-microcode: Multiple Vulnerabilities (diff) | |
download | glsa-7a125f7a086a739d056063da56386fef4fe01284.tar.gz glsa-7a125f7a086a739d056063da56386fef4fe01284.tar.bz2 glsa-7a125f7a086a739d056063da56386fef4fe01284.zip |
[ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Bug: https://bugs.gentoo.org/922062
Bug: https://bugs.gentoo.org/922340
Bug: https://bugs.gentoo.org/922903
Bug: https://bugs.gentoo.org/923370
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r-- | glsa-202402-23.xml | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/glsa-202402-23.xml b/glsa-202402-23.xml new file mode 100644 index 00000000..237b5858 --- /dev/null +++ b/glsa-202402-23.xml @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202402-23"> + <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis> + <product type="ebuild">chromium,google-chrome,microsoft-edge</product> + <announced>2024-02-19</announced> + <revised count="1">2024-02-19</revised> + <bug>922062</bug> + <bug>922340</bug> + <bug>922903</bug> + <bug>923370</bug> + <access>remote</access> + <affected> + <package name="www-client/chromium" auto="yes" arch="*"> + <unaffected range="ge">121.0.6167.139</unaffected> + <vulnerable range="lt">121.0.6167.139</vulnerable> + </package> + <package name="www-client/google-chrome" auto="yes" arch="*"> + <unaffected range="ge">121.0.6167.139</unaffected> + <vulnerable range="lt">121.0.6167.139</vulnerable> + </package> + <package name="www-client/microsoft-edge" auto="yes" arch="*"> + <unaffected range="ge">121.0.2277.83</unaffected> + <vulnerable range="lt">121.0.2277.83</vulnerable> + </package> + </affected> + <background> + <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Google Chrome users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139" + </code> + + <p>All Chromium users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139" + </code> + + <p>All Microsoft Edge users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0333">CVE-2024-0333</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0517">CVE-2024-0517</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0518">CVE-2024-0518</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0519">CVE-2024-0519</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0804">CVE-2024-0804</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0805">CVE-2024-0805</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0806">CVE-2024-0806</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0807">CVE-2024-0807</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0808">CVE-2024-0808</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0809">CVE-2024-0809</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0810">CVE-2024-0810</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0811">CVE-2024-0811</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0812">CVE-2024-0812</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0813">CVE-2024-0813</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0814">CVE-2024-0814</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1059">CVE-2024-1059</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1060">CVE-2024-1060</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1077">CVE-2024-1077</uri> + </references> + <metadata tag="requester" timestamp="2024-02-19T05:58:06.874508Z">graaff</metadata> + <metadata tag="submitter" timestamp="2024-02-19T05:58:06.876972Z">ajak</metadata> +</glsa>
\ No newline at end of file |