1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202402-23 ] Chromium, Google Chrome, Microsoft

    From [email protected]@21:1/5 to All on Mon Feb 19 07:20:01 2024
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202402-23
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
    Date: February 19, 2024
    Bugs: #922062, #922340, #922903, #923370
    ID: 202402-23

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in Chromium and its
    derivatives, the worst of which can lead to remote code execution.

    Background
    ==========

    Chromium is an open-source browser project that aims to build a safer,
    faster, and more stable way for all users to experience the web. Google
    Chrome is one fast, simple, and secure browser for all your devices.
    Microsoft Edge is a browser that combines a minimal design with
    sophisticated technology to make the web faster, safer, and easier.

    Affected packages
    =================

    Package Vulnerable Unaffected ------------------------- ---------------- ----------------- www-client/chromium < 121.0.6167.139 >= 121.0.6167.139 www-client/google-chrome < 121.0.6167.139 >= 121.0.6167.139 www-client/microsoft-edge < 121.0.2277.83 >= 121.0.2277.83

    Description
    ===========

    Multiple vulnerabilities have been discovered in Chromium and its
    derivatives. Please review the CVE identifiers referenced below for
    details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Google Chrome users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"

    All Chromium users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"

    All Microsoft Edge users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"

    References
    ==========

    [ 1 ] CVE-2024-0333
    https://nvd.nist.gov/vuln/detail/CVE-2024-0333
    [ 2 ] CVE-2024-0517
    https://nvd.nist.gov/vuln/detail/CVE-2024-0517
    [ 3 ] CVE-2024-0518
    https://nvd.nist.gov/vuln/detail/CVE-2024-0518
    [ 4 ] CVE-2024-0519
    https://nvd.nist.gov/vuln/detail/CVE-2024-0519
    [ 5 ] CVE-2024-0804
    https://nvd.nist.gov/vuln/detail/CVE-2024-0804
    [ 6 ] CVE-2024-0805
    https://nvd.nist.gov/vuln/detail/CVE-2024-0805
    [ 7 ] CVE-2024-0806
    https://nvd.nist.gov/vuln/detail/CVE-2024-0806
    [ 8 ] CVE-2024-0807
    https://nvd.nist.gov/vuln/detail/CVE-2024-0807
    [ 9 ] CVE-2024-0808
    https://nvd.nist.gov/vuln/detail/CVE-2024-0808
    [ 10 ] CVE-2024-0809
    https://nvd.nist.gov/vuln/detail/CVE-2024-0809
    [ 11 ] CVE-2024-0810
    https://nvd.nist.gov/vuln/detail/CVE-2024-0810
    [ 12 ] CVE-2024-0811
    https://nvd.nist.gov/vuln/detail/CVE-2024-0811
    [ 13 ] CVE-2024-0812
    https://nvd.nist.gov/vuln/detail/CVE-2024-0812
    [ 14 ] CVE-2024-0813
    https://nvd.nist.gov/vuln/detail/CVE-2024-0813
    [ 15 ] CVE-2024-0814
    https://nvd.nist.gov/vuln/detail/CVE-2024-0814
    [ 16 ] CVE-2024-1059
    https://nvd.nist.gov/vuln/detail/CVE-2024-1059
    [ 17 ] CVE-2024-1060
    https://nvd.nist.gov/vuln/detail/CVE-2024-1060
    [ 18 ] CVE-2024-1077
    https://nvd.nist.gov/vuln/detail/CVE-2024-1077

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202402-23

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2024 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmXS7fIACgkQFMQkOaVy +9lwlRAA2Cu7Um93LJ08SKkvyPz33yn+0R9cOO0MbussPRdqR7J411QOLvWjmNt/ vnB6rLFCW4SzoQWv5mZUNJQTRDyQI1Oo32rBKj4LfV0QP6eYQuYmdR9TfaEBB2on ZJvA6zU+TzdvSXwFGo9trG6UEk6JAWgpABDsxHouJ9a2UlgxiSOjF317O3tiiPPh 18Mux+WJ6HRsk1AXkOQNmEHAAGidZ45SPRhW3VsU1mDq16FIjhTNzGK9VNWqxeum iaDQkS17D3EQxYKlq1hleYXuU1OznsdnqYrdXLEd+6akEV4jfW56fdRwCMUS8u6i iXNJhSFkA2Of8uTdpzFX3ULu3p8BKRax3X9iUTqeCCFzwZCQnc088GRXCR2B4NmR GaGjvwEePFsDbMR7may0HoVhb0FCCMS+D19VY58/iE0Qoynhd220avRnO6xe9f3X G+53aOwjnx6EzQZ0MqWHZf59YGBnHBsNNfUtAf3JjXS5lolEkgoveH+390QRus2S 5EKghM1zi9VxceXkVxxZKV9jwMbQIyhbw6L79NlxfBuXa/+OOp0qKTIse9Vy5AlF OKytQr8QxyQDpQIX/QgiSo0DN5wdDrTG2Ey0jMnWzCKGaaMIULAAbDcW7jLg/kIx fTwyqM/MKEWI/Ctw6YE+C7uxZdlFu2c06iA1C2V72qs8baQnek8=
    =SRyo
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)