You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa Chromium i Google Chrome

Sigurnosni nedostaci programskih paketa Chromium i Google Chrome

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 202007-08
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
https://security.gentoo.org/
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Chromium, Google Chrome: Multiple vulnerabilities
Date: July 26, 2020
Bugs: #728418, #729310, #732588
ID: 202007-08

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the arbitrary execution of code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 www-client/chromium < 84.0.4147.89 >= 84.0.4147.89
2 www-client/google-chrome
< 84.0.4147.89 >= 84.0.4147.89
——————————————————————-
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=www-client/chromium-84.0.4147.89”

All Google Chrome users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=www-client/google-chrome-84.0.4147.89”

References
==========

[ 1 ] CVE-2020-6505
https://nvd.nist.gov/vuln/detail/CVE-2020-6505
[ 2 ] CVE-2020-6506
https://nvd.nist.gov/vuln/detail/CVE-2020-6506
[ 3 ] CVE-2020-6507
https://nvd.nist.gov/vuln/detail/CVE-2020-6507
[ 4 ] CVE-2020-6509
https://nvd.nist.gov/vuln/detail/CVE-2020-6509
[ 5 ] CVE-2020-6510
https://nvd.nist.gov/vuln/detail/CVE-2020-6510
[ 6 ] CVE-2020-6511
https://nvd.nist.gov/vuln/detail/CVE-2020-6511
[ 7 ] CVE-2020-6512
https://nvd.nist.gov/vuln/detail/CVE-2020-6512
[ 8 ] CVE-2020-6513
https://nvd.nist.gov/vuln/detail/CVE-2020-6513
[ 9 ] CVE-2020-6514
https://nvd.nist.gov/vuln/detail/CVE-2020-6514
[ 10 ] CVE-2020-6515
https://nvd.nist.gov/vuln/detail/CVE-2020-6515
[ 11 ] CVE-2020-6516
https://nvd.nist.gov/vuln/detail/CVE-2020-6516
[ 12 ] CVE-2020-6517
https://nvd.nist.gov/vuln/detail/CVE-2020-6517
[ 13 ] CVE-2020-6518
https://nvd.nist.gov/vuln/detail/CVE-2020-6518
[ 14 ] CVE-2020-6519
https://nvd.nist.gov/vuln/detail/CVE-2020-6519
[ 15 ] CVE-2020-6520
https://nvd.nist.gov/vuln/detail/CVE-2020-6520
[ 16 ] CVE-2020-6521
https://nvd.nist.gov/vuln/detail/CVE-2020-6521
[ 17 ] CVE-2020-6522
https://nvd.nist.gov/vuln/detail/CVE-2020-6522
[ 18 ] CVE-2020-6523
https://nvd.nist.gov/vuln/detail/CVE-2020-6523
[ 19 ] CVE-2020-6524
https://nvd.nist.gov/vuln/detail/CVE-2020-6524
[ 20 ] CVE-2020-6525
https://nvd.nist.gov/vuln/detail/CVE-2020-6525
[ 21 ] CVE-2020-6526
https://nvd.nist.gov/vuln/detail/CVE-2020-6526
[ 22 ] CVE-2020-6527
https://nvd.nist.gov/vuln/detail/CVE-2020-6527
[ 23 ] CVE-2020-6528
https://nvd.nist.gov/vuln/detail/CVE-2020-6528
[ 24 ] CVE-2020-6529
https://nvd.nist.gov/vuln/detail/CVE-2020-6529
[ 25 ] CVE-2020-6530
https://nvd.nist.gov/vuln/detail/CVE-2020-6530
[ 26 ] CVE-2020-6531
https://nvd.nist.gov/vuln/detail/CVE-2020-6531
[ 27 ] CVE-2020-6533
https://nvd.nist.gov/vuln/detail/CVE-2020-6533
[ 28 ] CVE-2020-6534
https://nvd.nist.gov/vuln/detail/CVE-2020-6534
[ 29 ] CVE-2020-6535
https://nvd.nist.gov/vuln/detail/CVE-2020-6535
[ 30 ] CVE-2020-6536
https://nvd.nist.gov/vuln/detail/CVE-2020-6536

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202007-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

<html><head><meta http-equiv=”Content-Type” content=”text/html; charset=us-ascii”></head><body style=”word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;” class=””><pre style=”word-wrap: break-word; white-space: pre-wrap;” class=””>- – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Gentoo Linux Security Advisory GLSA 202007-08
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
<a href=”https://security.gentoo.org/” class=””>https://security.gentoo.org/</a>
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Severity: Normal
Title: Chromium, Google Chrome: Multiple vulnerabilities
Date: July 26, 2020
Bugs: #728418, #729310, #732588
ID: 202007-08

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Synopsis
========

Multiple vulnerabilities have been found in Chromium and Google Chrome,
the worst of which could result in the arbitrary execution of code.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Affected packages
=================

——————————————————————-
Package / Vulnerable / Unaffected
——————————————————————-
1 www-client/chromium < 84.0.4147.89 >= 84.0.4147.89
2 www-client/google-chrome
< 84.0.4147.89 >= 84.0.4147.89
——————————————————————-
2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Chromium users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=www-client/chromium-84.0.4147.89”

All Google Chrome users should upgrade to the latest version:

# emerge –sync
# emerge –ask –oneshot -v “>=www-client/google-chrome-84.0.4147.89”

References
==========

[ 1 ] CVE-2020-6505
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6505″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6505</a>
[ 2 ] CVE-2020-6506
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6506″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6506</a>
[ 3 ] CVE-2020-6507
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6507″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6507</a>
[ 4 ] CVE-2020-6509
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6509″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6509</a>
[ 5 ] CVE-2020-6510
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6510″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6510</a>
[ 6 ] CVE-2020-6511
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6511″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6511</a>
[ 7 ] CVE-2020-6512
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6512″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6512</a>
[ 8 ] CVE-2020-6513
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6513″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6513</a>
[ 9 ] CVE-2020-6514
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6514″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6514</a>
[ 10 ] CVE-2020-6515
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6515″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6515</a>
[ 11 ] CVE-2020-6516
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6516″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6516</a>
[ 12 ] CVE-2020-6517
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6517″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6517</a>
[ 13 ] CVE-2020-6518
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6518″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6518</a>
[ 14 ] CVE-2020-6519
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6519″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6519</a>
[ 15 ] CVE-2020-6520
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6520″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6520</a>
[ 16 ] CVE-2020-6521
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6521″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6521</a>
[ 17 ] CVE-2020-6522
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6522″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6522</a>
[ 18 ] CVE-2020-6523
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6523″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6523</a>
[ 19 ] CVE-2020-6524
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6524″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6524</a>
[ 20 ] CVE-2020-6525
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6525″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6525</a>
[ 21 ] CVE-2020-6526
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6526″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6526</a>
[ 22 ] CVE-2020-6527
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6527″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6527</a>
[ 23 ] CVE-2020-6528
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6528″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6528</a>
[ 24 ] CVE-2020-6529
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6529″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6529</a>
[ 25 ] CVE-2020-6530
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6530″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6530</a>
[ 26 ] CVE-2020-6531
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6531″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6531</a>
[ 27 ] CVE-2020-6533
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6533″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6533</a>
[ 28 ] CVE-2020-6534
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6534″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6534</a>
[ 29 ] CVE-2020-6535
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6535″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6535</a>
[ 30 ] CVE-2020-6536
<a href=”https://nvd.nist.gov/vuln/detail/CVE-2020-6536″ class=””>https://nvd.nist.gov/vuln/detail/CVE-2020-6536</a>

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

<a href=”https://security.gentoo.org/glsa/202007-08″ class=””>https://security.gentoo.org/glsa/202007-08</a>

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
<a href=”mailto:security@gentoo.org” class=””>security@gentoo.org</a> or alternatively, you may file a bug at
<a href=”https://bugs.gentoo.org” class=””>https://bugs.gentoo.org</a>.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons – Attribution / Share Alike license.

<a href=”https://creativecommons.org/licenses/by-sa/2.5″ class=””>https://creativecommons.org/licenses/by-sa/2.5</a></pre><div class=””><br class=””></div></body></html>—–BEGIN PGP SIGNATURE—–

iNUEARYKAH0WIQSONjK3ErBA5VvN3hCxfj6E5hA8mwUCXx4TLl8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0OEUz
NjMyQjcxMkIwNDBFNTVCQ0RERTEwQjE3RTNFODRFNjEwM0M5QgAKCRCxfj6E5hA8
m1EgAQCoNZmaMwOBG/l/99gnl8DJCksYFCPKGUn8k4DISnsANQEAvMolcSCnbObX
9H2clHX/1Na3KccQdtwtlx6xmESutQg=
=SU9F
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa Apache Ant

Otkriven je sigurnosni nedostatak u programskom paketu Apache Ant za operacijski sustav Gentoo. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS...

Close