Forum: >>> Magnum BBS <<<

[gentoo-announce] [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft

From glsamaker@gentoo.org@21:1/5 to All on Wed Jan 31 16:50:03 2024

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202401-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: January 31, 2024
Bugs: #907999, #908471, #909283, #910522, #911675, #912364, #913016, #913710, #914350, #914871, #915137, #915560, #915961, #916252, #916620, #917021, #917357, #918882, #919321, #919802, #920442, #921337
ID: 202401-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package Vulnerable Unaffected ------------------------- ---------------- ----------------- www-client/chromium < 120.0.6099.109 >= 120.0.6099.109 www-client/google-chrome < 120.0.6099.109 >= 120.0.6099.109 www-client/microsoft-edge < 120.0.2210.133 >= 120.0.2210.133

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Google Chrome users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109"

All Chromium users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109"

All Microsoft Edge users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.133"

References
==========

[ 1 ] CVE-2023-2312
https://nvd.nist.gov/vuln/detail/CVE-2023-2312
[ 2 ] CVE-2023-2929
https://nvd.nist.gov/vuln/detail/CVE-2023-2929
[ 3 ] CVE-2023-2930
https://nvd.nist.gov/vuln/detail/CVE-2023-2930
[ 4 ] CVE-2023-2931
https://nvd.nist.gov/vuln/detail/CVE-2023-2931
[ 5 ] CVE-2023-2932
https://nvd.nist.gov/vuln/detail/CVE-2023-2932
[ 6 ] CVE-2023-2933
https://nvd.nist.gov/vuln/detail/CVE-2023-2933
[ 7 ] CVE-2023-2934
https://nvd.nist.gov/vuln/detail/CVE-2023-2934
[ 8 ] CVE-2023-2935
https://nvd.nist.gov/vuln/detail/CVE-2023-2935
[ 9 ] CVE-2023-2936
https://nvd.nist.gov/vuln/detail/CVE-2023-2936
[ 10 ] CVE-2023-2937
https://nvd.nist.gov/vuln/detail/CVE-2023-2937
[ 11 ] CVE-2023-2938
https://nvd.nist.gov/vuln/detail/CVE-2023-2938
[ 12 ] CVE-2023-2939
https://nvd.nist.gov/vuln/detail/CVE-2023-2939
[ 13 ] CVE-2023-2940
https://nvd.nist.gov/vuln/detail/CVE-2023-2940
[ 14 ] CVE-2023-2941
https://nvd.nist.gov/vuln/detail/CVE-2023-2941
[ 15 ] CVE-2023-3079
https://nvd.nist.gov/vuln/detail/CVE-2023-3079
[ 16 ] CVE-2023-3214
https://nvd.nist.gov/vuln/detail/CVE-2023-3214
[ 17 ] CVE-2023-3215
https://nvd.nist.gov/vuln/detail/CVE-2023-3215
[ 18 ] CVE-2023-3216
https://nvd.nist.gov/vuln/detail/CVE-2023-3216
[ 19 ] CVE-2023-3217
https://nvd.nist.gov/vuln/detail/CVE-2023-3217
[ 20 ] CVE-2023-3420
https://nvd.nist.gov/vuln/detail/CVE-2023-3420
[ 21 ] CVE-2023-3421
https://nvd.nist.gov/vuln/detail/CVE-2023-3421
[ 22 ] CVE-2023-3422
https://nvd.nist.gov/vuln/detail/CVE-2023-3422
[ 23 ] CVE-2023-3727
https://nvd.nist.gov/vuln/detail/CVE-2023-3727
[ 24 ] CVE-2023-3728
https://nvd.nist.gov/vuln/detail/CVE-2023-3728
[ 25 ] CVE-2023-3730
https://nvd.nist.gov/vuln/detail/CVE-2023-3730
[ 26 ] CVE-2023-3732
https://nvd.nist.gov/vuln/detail/CVE-2023-3732
[ 27 ] CVE-2023-3733
https://nvd.nist.gov/vuln/detail/CVE-2023-3733
[ 28 ] CVE-2023-3734
https://nvd.nist.gov/vuln/detail/CVE-2023-3734
[ 29 ] CVE-2023-3735
https://nvd.nist.gov/vuln/detail/CVE-2023-3735
[ 30 ] CVE-2023-3736
https://nvd.nist.gov/vuln/detail/CVE-2023-3736
[ 31 ] CVE-2023-3737
https://nvd.nist.gov/vuln/detail/CVE-2023-3737
[ 32 ] CVE-2023-3738
https://nvd.nist.gov/vuln/detail/CVE-2023-3738
[ 33 ] CVE-2023-3740
https://nvd.nist.gov/vuln/detail/CVE-2023-3740
[ 34 ] CVE-2023-4068
https://nvd.nist.gov/vuln/detail/CVE-2023-4068
[ 35 ] CVE-2023-4069
https://nvd.nist.gov/vuln/detail/CVE-2023-4069
[ 36 ] CVE-2023-4070
https://nvd.nist.gov/vuln/detail/CVE-2023-4070
[ 37 ] CVE-2023-4071
https://nvd.nist.gov/vuln/detail/CVE-2023-4071
[ 38 ] CVE-2023-4072
https://nvd.nist.gov/vuln/detail/CVE-2023-4072
[ 39 ] CVE-2023-4073
https://nvd.nist.gov/vuln/detail/CVE-2023-4073
[ 40 ] CVE-2023-4074
https://nvd.nist.gov/vuln/detail/CVE-2023-4074
[ 41 ] CVE-2023-4075
https://nvd.nist.gov/vuln/detail/CVE-2023-4075
[ 42 ] CVE-2023-4076
https://nvd.nist.gov/vuln/detail/CVE-2023-4076
[ 43 ] CVE-2023-4077
https://nvd.nist.gov/vuln/detail/CVE-2023-4077
[ 44 ] CVE-2023-4078
https://nvd.nist.gov/vuln/detail/CVE-2023-4078
[ 45 ] CVE-2023-4349
https://nvd.nist.gov/vuln/detail/CVE-2023-4349
[ 46 ] CVE-2023-4350
https://nvd.nist.gov/vuln/detail/CVE-2023-4350
[ 47 ] CVE-2023-4351
https://nvd.nist.gov/vuln/detail/CVE-2023-4351
[ 48 ] CVE-2023-4352
https://nvd.nist.gov/vuln/detail/CVE-2023-4352
[ 49 ] CVE-2023-4353
https://nvd.nist.gov/vuln/detail/CVE-2023-4353
[ 50 ] CVE-2023-4354
https://nvd.nist.gov/vuln/detail/CVE-2023-4354
[ 51 ] CVE-2023-4355
https://nvd.nist.gov/vuln/detail/CVE-2023-4355
[ 52 ] CVE-2023-4356
https://nvd.nist.gov/vuln/detail/CVE-2023-4356
[ 53 ] CVE-2023-4357
https://nvd.nist.gov/vuln/detail/CVE-2023-4357
[ 54 ] CVE-2023-4358
https://nvd.nist.gov/vuln/detail/CVE-2023-4358
[ 55 ] CVE-2023-4359
https://nvd.nist.gov/vuln/detail/CVE-2023-4359
[ 56 ] CVE-2023-4360
https://nvd.nist.gov/vuln/detail/CVE-2023-4360
[ 57 ] CVE-2023-4361
https://nvd.nist.gov/vuln/detail/CVE-2023-4361
[ 58 ] CVE-2023-4362
https://nvd.nist.gov/vuln/detail/CVE-2023-4362
[ 59 ] CVE-2023-4363
https://nvd.nist.gov/vuln/detail/CVE-2023-4363
[ 60 ] CVE-2023-4364
https://nvd.nist.gov/vuln/detail/CVE-2023-4364
[ 61 ] CVE-2023-4365
https://nvd.nist.gov/vuln/detail/CVE-2023-4365
[ 62 ] CVE-2023-4366
https://nvd.nist.gov/vuln/detail/CVE-2023-4366
[ 63 ] CVE-2023-4367
https://nvd.nist.gov/vuln/detail/CVE-2023-4367
[ 64 ] CVE-2023-4368
https://nvd.nist.gov/vuln/detail/CVE-2023-4368
[ 65 ] CVE-2023-4427
https://nvd.nist.gov/vuln/detail/CVE-2023-4427
[ 66 ] CVE-2023-4428
https://nvd.nist.gov/vuln/detail/CVE-2023-4428
[ 67 ] CVE-2023-4429
https://nvd.nist.gov/vuln/detail/CVE-2023-4429
[ 68 ] CVE-2023-4430
https://nvd.nist.gov/vuln/detail/CVE-2023-4430
[ 69 ] CVE-2023-4431
https://nvd.nist.gov/vuln/detail/CVE-2023-4431
[ 70 ] CVE-2023-4572
https://nvd.nist.gov/vuln/detail/CVE-2023-4572
[ 71 ] CVE-2023-4761
https://nvd.nist.gov/vuln/detail/CVE-2023-4761
[ 72 ] CVE-2023-4762
https://nvd.nist.gov/vuln/detail/CVE-2023-4762
[ 73 ] CVE-2023-4763
https://nvd.nist.gov/vuln/detail/CVE-2023-4763
[ 74 ] CVE-2023-4764
https://nvd.nist.gov/vuln/detail/CVE-2023-4764
[ 75 ] CVE-2023-4900
https://nvd.nist.gov/vuln/detail/CVE-2023-4900
[ 76 ] CVE-2023-4901
https://nvd.nist.gov/vuln/detail/CVE-2023-4901
[ 77 ] CVE-2023-4902
https://nvd.nist.gov/vuln/detail/CVE-2023-4902
[ 78 ] CVE-2023-4903
https://nvd.nist.gov/vuln/detail/CVE-2023-4903
[ 79 ] CVE-2023-4904
https://nvd.nist.gov/vuln/detail/CVE-2023-4904
[ 80 ] CVE-2023-4905
https://nvd.nist.gov/vuln/detail/CVE-2023-4905
[ 81 ] CVE-2023-4906
https://nvd.nist.gov/vuln/detail/CVE-2023-4906
[ 82 ] CVE-2023-4907
https://nvd.nist.gov/vuln/detail/CVE-2023-4907
[ 83 ] CVE-2023-4908
https://nvd.nist.gov/vuln/detail/CVE-2023-4908
[ 84 ] CVE-2023-4909
https://nvd.nist.gov/vuln/detail/CVE-2023-4909
[ 85 ] CVE-2023-5186
https://nvd.nist.gov/vuln/detail/CVE-2023-5186
[ 86 ] CVE-2023-5187
https://nvd.nist.gov/vuln/detail/CVE-2023-5187
[ 87 ] CVE-2023-5217
https://nvd.nist.gov/vuln/detail/CVE-2023-5217
[ 88 ] CVE-2023-5218
https://nvd.nist.gov/vuln/detail/CVE-2023-5218
[ 89 ] CVE-2023-5346
https://nvd.nist.gov/vuln/detail/CVE-2023-5346
[ 90 ] CVE-2023-5472
https://nvd.nist.gov/vuln/detail/CVE-2023-5472
[ 91 ] CVE-2023-5473
https://nvd.nist.gov/vuln/detail/CVE-2023-5473
[ 92 ] CVE-2023-5474
https://nvd.nist.gov/vuln/detail/CVE-2023-5474
[ 93 ] CVE-2023-5475
https://nvd.nist.gov/vuln/detail/CVE-2023-5475
[ 94 ] CVE-2023-5476
https://nvd.nist.gov/vuln/detail/CVE-2023-5476
[ 95 ] CVE-2023-5477
https://nvd.nist.gov/vuln/detail/CVE-2023-5477
[ 96 ] CVE-2023-5478
https://nvd.nist.gov/vuln/detail/CVE-2023-5478
[ 97 ] CVE-2023-5479
https://nvd.nist.gov/vuln/detail/CVE-2023-5479
[ 98 ] CVE-2023-5480
https://nvd.nist.gov/vuln/detail/CVE-2023-5480
[ 99 ] CVE-2023-5481
https://nvd.nist.gov/vuln/detail/CVE-2023-5481
[ 100 ] CVE-2023-5482
https://nvd.nist.gov/vuln/detail/CVE-2023-5482
[ 101 ] CVE-2023-5483
https://nvd.nist.gov/vuln/detail/CVE-2023-5483
[ 102 ] CVE-2023-5484
https://nvd.nist.gov/vuln/detail/CVE-2023-5484
[ 103 ] CVE-2023-5485
https://nvd.nist.gov/vuln/detail/CVE-2023-5485
[ 104 ] CVE-2023-5486
https://nvd.nist.gov/vuln/detail/CVE-2023-5486
[ 105 ] CVE-2023-5487
https://nvd.nist.gov/vuln/detail/CVE-2023-5487
[ 106 ] CVE-2023-5849
https://nvd.nist.gov/vuln/detail/CVE-2023-5849
[ 107 ] CVE-2023-5850
https://nvd.nist.gov/vuln/detail/CVE-2023-5850
[ 108 ] CVE-2023-5851
https://nvd.nist.gov/vuln/detail/CVE-2023-5851
[ 109 ] CVE-2023-5852
https://nvd.nist.gov/vuln/detail/CVE-2023-5852
[ 110 ] CVE-2023-5853
https://nvd.nist.gov/vuln/detail/CVE-2023-5853
[ 111 ] CVE-2023-5854
https://nvd.nist.gov/vuln/detail/CVE-2023-5854
[ 112 ] CVE-2023-5855
https://nvd.nist.gov/vuln/detail/CVE-2023-5855
[ 113 ] CVE-2023-5856
https://nvd.nist.gov/vuln/detail/CVE-2023-5856
[ 114 ] CVE-2023-5857
https://nvd.nist.gov/vuln/detail/CVE-2023-5857
[ 115 ] CVE-2023-5858
https://nvd.nist.gov/vuln/detail/CVE-2023-5858
[ 116 ] CVE-2023-5859
https://nvd.nist.gov/vuln/detail/CVE-2023-5859
[ 117 ] CVE-2023-5996
https://nvd.nist.gov/vuln/detail/CVE-2023-5996
[ 118 ] CVE-2023-5997
https://nvd.nist.gov/vuln/detail/CVE-2023-5997
[ 119 ] CVE-2023-6112
https://nvd.nist.gov/vuln/detail/CVE-2023-6112
[ 120 ] CVE-2023-6345
https://nvd.nist.gov/vuln/detail/CVE-2023-6345
[ 121 ] CVE-2023-6346
https://nvd.nist.gov/vuln/detail/CVE-2023-6346
[ 122 ] CVE-2023-6347
https://nvd.nist.gov/vuln/detail/CVE-2023-6347
[ 123 ] CVE-2023-6348
https://nvd.nist.gov/vuln/detail/CVE-2023-6348
[ 124 ] CVE-2023-6350
https://nvd.nist.gov/vuln/detail/CVE-2023-6350
[ 125 ] CVE-2023-6351
https://nvd.nist.gov/vuln/detail/CVE-2023-6351
[ 126 ] CVE-2023-6508
https://nvd.nist.gov/vuln/detail/CVE-2023-6508
[ 127 ] CVE-2023-6509
https://nvd.nist.gov/vuln/detail/CVE-2023-6509
[ 128 ] CVE-2023-6510
https://nvd.nist.gov/vuln/detail/CVE-2023-6510
[ 129 ] CVE-2023-6511
https://nvd.nist.gov/vuln/detail/CVE-2023-6511
[ 130 ] CVE-2023-6512
https://nvd.nist.gov/vuln/detail/CVE-2023-6512
[ 131 ] CVE-2023-6702
https://nvd.nist.gov/vuln/detail/CVE-2023-6702
[ 132 ] CVE-2023-6703
https://nvd.nist.gov/vuln/detail/CVE-2023-6703
[ 133 ] CVE-2023-6704
https://nvd.nist.gov/vuln/detail/CVE-2023-6704
[ 134 ] CVE-2023-6705
https://nvd.nist.gov/vuln/detail/CVE-2023-6705
[ 135 ] CVE-2023-6706
https://nvd.nist.gov/vuln/detail/CVE-2023-6706
[ 136 ] CVE-2023-6707
https://nvd.nist.gov/vuln/detail/CVE-2023-6707
[ 137 ] CVE-2023-7024
https://nvd.nist.gov/vuln/detail/CVE-2023-7024
[ 138 ] CVE-2024-0222
https://nvd.nist.gov/vuln/detail/CVE-2024-0222
[ 139 ] CVE-2024-0223
https://nvd.nist.gov/vuln/detail/CVE-2024-0223
[ 140 ] CVE-2024-0224
https://nvd.nist.gov/vuln/detail/CVE-2024-0224
[ 141 ] CVE-2024-0225
https://nvd.nist.gov/vuln/detail/CVE-2024-0225

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202401-34

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmW6af0ACgkQFMQkOaVy +9nT6g/9EHGJMiRQXHx0/VNupuj93E9sRjr8JouDcvMrkApq2j67KGBvUp1ppfCo 3nsewkG8WYDjhqaApJ2IO1sjqbHMFHB1cK0QTDzcE6cn1zSr+Mg0hglLbli+gmoX X433nVvftBCLhMVYoZpTFE9P1jREL6Krx+/N4AD8IiKrO2+Hg30nZYm3dEueeX2S H/02cn0RLaclZnfF15Y5WmnkAZ9CiMRUMf8GnC4rGjVpK9bHBmCrh/nQWN/tx5hX OOF7a7bmquL8Gz/5vnE0VARyDniix8GInaz9VvcKt8VqyfoYgJ+SZo+rTk2Ao4tf PvwwkZDO06UBaz7eULXna+mKtP2IW2G5jAzSEnBeOdM69z4tzvhVzQdd+WiT3I/z 4LLvYTgsnRK+pXxZcdGtnNrszQJDVVahMDt4Elk5opDjmXup3/tig1XiXTLvL7oP ErJ7s5r0azjIyENsKdHOxmClZODc0u2x6USpGz23sI+uE4pNBqnRf0P6AWvAT7Xn TZTML2sCmyAFre2rcB0osktGgUUKusa3IJe9R++9cEQ3PvPMKSba6mYpqD5H0Mto qDjR0xpwKKfdOFqKBQyYRRV0AZS4zWWh6NJXDXxnGM7Sy9Lk0NPR8Dzl9jF1cFAN F8mMwiOd385R2opI6lj/DNyPoXlLGIGjVnY5Mk8Q9kDqchYAbmg=
=VXC9
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	546
Nodes:	16 (2 / 14)
Uptime:	15:24:15
Calls:	10,389
Files:	14,061
Messages:	6,416,911

[gentoo-announce] [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft

Who's Online

System Info