View previous topic :: View next topic |
Author |
Message |
GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jan 08, 2018 1:26 am Post subject: [ GLSA 201801-03 ] Chromium, Google Chrome |
|
|
Gentoo Linux Security Advisory
Title: Chromium, Google Chrome: Multiple vulnerabilities (GLSA 201801-03)
Severity: normal
Exploitable: local, remote
Date: 2018-01-07
Bug(s): #640334, #641376
ID: 201801-03
Synopsis
Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could result in the execution of arbitrary code.
Background
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices
Affected Packages
Package: www-client/chromium
Vulnerable: < 63.0.3239.108
Unaffected: >= 63.0.3239.108
Architectures: All supported architectures
Package: www-client/google-chrome
Vulnerable: < 63.0.3239.108
Unaffected: >= 63.0.3239.108
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, bypass
content security controls, or conduct URL spoofing.
Workaround
There are no known workarounds at this time.
Resolution
All Chromium users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/chromium-63.0.3239.108"
| All Google Chrome users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/google-chrome-63.0.3239.108"
|
References
CVE-2017-15407
CVE-2017-15408
CVE-2017-15409
CVE-2017-15410
CVE-2017-15411
CVE-2017-15412
CVE-2017-15413
CVE-2017-15415
CVE-2017-15416
CVE-2017-15417
CVE-2017-15418
CVE-2017-15419
CVE-2017-15420
CVE-2017-15422
CVE-2017-15423
CVE-2017-15424
CVE-2017-15425
CVE-2017-15426
CVE-2017-15427
CVE-2017-15429
Google Chrome Release 20171206
Google Chrome Release 20171214
Last edited by GLSA on Mon Jan 15, 2018 4:17 am; edited 1 time in total |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|