summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGLSAMaker <glsamaker@gentoo.org>2024-02-19 05:58:06 +0000
committerJohn Helmert III <ajak@gentoo.org>2024-02-18 22:10:22 -0800
commit7a125f7a086a739d056063da56386fef4fe01284 (patch)
treecef578e80809d6106002dc9396d8efa3c8c86e84
parent[ GLSA 202402-22 ] intel-microcode: Multiple Vulnerabilities (diff)
downloadglsa-7a125f7a086a739d056063da56386fef4fe01284.tar.gz
glsa-7a125f7a086a739d056063da56386fef4fe01284.tar.bz2
glsa-7a125f7a086a739d056063da56386fef4fe01284.zip
[ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Bug: https://bugs.gentoo.org/922062 Bug: https://bugs.gentoo.org/922340 Bug: https://bugs.gentoo.org/922903 Bug: https://bugs.gentoo.org/923370 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r--glsa-202402-23.xml84
1 files changed, 84 insertions, 0 deletions
diff --git a/glsa-202402-23.xml b/glsa-202402-23.xml
new file mode 100644
index 00000000..237b5858
--- /dev/null
+++ b/glsa-202402-23.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
+<glsa id="202402-23">
+ <title>Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities</title>
+ <synopsis>Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.</synopsis>
+ <product type="ebuild">chromium,google-chrome,microsoft-edge</product>
+ <announced>2024-02-19</announced>
+ <revised count="1">2024-02-19</revised>
+ <bug>922062</bug>
+ <bug>922340</bug>
+ <bug>922903</bug>
+ <bug>923370</bug>
+ <access>remote</access>
+ <affected>
+ <package name="www-client/chromium" auto="yes" arch="*">
+ <unaffected range="ge">121.0.6167.139</unaffected>
+ <vulnerable range="lt">121.0.6167.139</vulnerable>
+ </package>
+ <package name="www-client/google-chrome" auto="yes" arch="*">
+ <unaffected range="ge">121.0.6167.139</unaffected>
+ <vulnerable range="lt">121.0.6167.139</vulnerable>
+ </package>
+ <package name="www-client/microsoft-edge" auto="yes" arch="*">
+ <unaffected range="ge">121.0.2277.83</unaffected>
+ <vulnerable range="lt">121.0.2277.83</vulnerable>
+ </package>
+ </affected>
+ <background>
+ <p>Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.</p>
+ </background>
+ <description>
+ <p>Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.</p>
+ </description>
+ <impact type="high">
+ <p>Please review the referenced CVE identifiers for details.</p>
+ </impact>
+ <workaround>
+ <p>There is no known workaround at this time.</p>
+ </workaround>
+ <resolution>
+ <p>All Google Chrome users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"
+ </code>
+
+ <p>All Chromium users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"
+ </code>
+
+ <p>All Microsoft Edge users should upgrade to the latest version:</p>
+
+ <code>
+ # emerge --sync
+ # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"
+ </code>
+ </resolution>
+ <references>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0333">CVE-2024-0333</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0517">CVE-2024-0517</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0518">CVE-2024-0518</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0519">CVE-2024-0519</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0804">CVE-2024-0804</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0805">CVE-2024-0805</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0806">CVE-2024-0806</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0807">CVE-2024-0807</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0808">CVE-2024-0808</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0809">CVE-2024-0809</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0810">CVE-2024-0810</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0811">CVE-2024-0811</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0812">CVE-2024-0812</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0813">CVE-2024-0813</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-0814">CVE-2024-0814</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1059">CVE-2024-1059</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1060">CVE-2024-1060</uri>
+ <uri link="https://nvd.nist.gov/vuln/detail/CVE-2024-1077">CVE-2024-1077</uri>
+ </references>
+ <metadata tag="requester" timestamp="2024-02-19T05:58:06.874508Z">graaff</metadata>
+ <metadata tag="submitter" timestamp="2024-02-19T05:58:06.876972Z">ajak</metadata>
+</glsa> \ No newline at end of file