[gentoo-announce] [ GLSA 202202-02 ] Chromium, Google Chrome: Multiple vulnerabilities

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Gentoo Linux Security Advisory GLSA 202202-03 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – security.gentoo.org/ – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: High Title: Chromium, Google Chrome: Multiple vulnerabilities Date: February 20, 2022 Bugs: #832559, #833432 ID: 202202-02
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis ========
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code.
Background ==========
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one, fast, simple, and secure browser for all your devices.
Affected packages =================
——————————————————————- Package / Vulnerable / Unaffected ——————————————————————- 1 www-client/chromium < 98.0.4758.102 >= 98.0.4758.102 2 www-client/google-chrome < 98.0.4758.102 >= 98.0.4758.102
Description ===========
Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details.
Impact ======
Please review the referenced CVE identifiers for details.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Chromium users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=www-client/chromium-98.0.4758.102”
All Google Chrome users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=www-client/google-chrome-98.0.4758.102”
References ==========
[ 1 ] CVE-2022-0607 nvd.nist.gov/vuln/detail/CVE-2022-0607 [ 2 ] CVE-2022-0608 nvd.nist.gov/vuln/detail/CVE-2022-0608 [ 3 ] CVE-2022-0452 nvd.nist.gov/vuln/detail/CVE-2022-0452 [ 4 ] CVE-2022-0453 nvd.nist.gov/vuln/detail/CVE-2022-0453 [ 5 ] CVE-2022-0455 nvd.nist.gov/vuln/detail/CVE-2022-0455 [ 6 ] CVE-2022-0464 nvd.nist.gov/vuln/detail/CVE-2022-0464 [ 7 ] CVE-2022-0470 nvd.nist.gov/vuln/detail/CVE-2022-0470 [ 8 ] CVE-2022-0458 nvd.nist.gov/vuln/detail/CVE-2022-0458 [ 9 ] CVE-2022-0454 nvd.nist.gov/vuln/detail/CVE-2022-0454 [ 10 ] CVE-2022-0456 nvd.nist.gov/vuln/detail/CVE-2022-0456 [ 11 ] CVE-2022-0462 nvd.nist.gov/vuln/detail/CVE-2022-0462 [ 12 ] CVE-2022-0463 nvd.nist.gov/vuln/detail/CVE-2022-0463 [ 13 ] CVE-2022-0460 nvd.nist.gov/vuln/detail/CVE-2022-0460 [ 14 ] CVE-2022-0606 nvd.nist.gov/vuln/detail/CVE-2022-0606 [ 15 ] CVE-2022-0457 nvd.nist.gov/vuln/detail/CVE-2022-0457 [ 16 ] CVE-2022-0461 nvd.nist.gov/vuln/detail/CVE-2022-0461 [ 17 ] CVE-2022-0604 nvd.nist.gov/vuln/detail/CVE-2022-0604 [ 18 ] CVE-2022-0605 nvd.nist.gov/vuln/detail/CVE-2022-0605 [ 19 ] CVE-2022-0609 nvd.nist.gov/vuln/detail/CVE-2022-0609 [ 20 ] CVE-2022-0466 nvd.nist.gov/vuln/detail/CVE-2022-0466 [ 21 ] CVE-2022-0610 nvd.nist.gov/vuln/detail/CVE-2022-0610 [ 22 ] CVE-2022-0465 nvd.nist.gov/vuln/detail/CVE-2022-0465 [ 23 ] CVE-2022-0469 nvd.nist.gov/vuln/detail/CVE-2022-0469 [ 24 ] CVE-2022-0459 nvd.nist.gov/vuln/detail/CVE-2022-0459 [ 25 ] CVE-2022-0468 nvd.nist.gov/vuln/detail/CVE-2022-0468 [ 26 ] CVE-2022-0467 nvd.nist.gov/vuln/detail/CVE-2022-0467 [ 27 ] CVE-2022-0603 nvd.nist.gov/vuln/detail/CVE-2022-0603
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
security.gentoo.org/glsa/202202-02
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users’ machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at bugs.gentoo.org.
License =======
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons – Attribution / Share Alike license.
creativecommons.org/licenses/by-sa/2.5