[gentoo-announce] [ GLSA 202401-34 ] Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities

Wed, 31 Jan 2024 07:41:09 -0800 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202401-34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
     Date: January 31, 2024
     Bugs: #907999, #908471, #909283, #910522, #911675, #912364, #913016, 
#913710, #914350, #914871, #915137, #915560, #915961, #916252, #916620, 
#917021, #917357, #918882, #919321, #919802, #920442, #921337
       ID: 202401-34

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.

Background
==========

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages
=================

Package                    Vulnerable        Unaffected
-------------------------  ----------------  -----------------
www-client/chromium        < 120.0.6099.109  >= 120.0.6099.109
www-client/google-chrome   < 120.0.6099.109  >= 120.0.6099.109
www-client/microsoft-edge  < 120.0.2210.133  >= 120.0.2210.133

Description
===========

Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Google Chrome users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109"

All Chromium users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose 
">=www-client/microsoft-edge-120.0.2210.133"

References
==========

[ 1 ] CVE-2023-2312
      https://nvd.nist.gov/vuln/detail/CVE-2023-2312
[ 2 ] CVE-2023-2929
      https://nvd.nist.gov/vuln/detail/CVE-2023-2929
[ 3 ] CVE-2023-2930
      https://nvd.nist.gov/vuln/detail/CVE-2023-2930
[ 4 ] CVE-2023-2931
      https://nvd.nist.gov/vuln/detail/CVE-2023-2931
[ 5 ] CVE-2023-2932
      https://nvd.nist.gov/vuln/detail/CVE-2023-2932
[ 6 ] CVE-2023-2933
      https://nvd.nist.gov/vuln/detail/CVE-2023-2933
[ 7 ] CVE-2023-2934
      https://nvd.nist.gov/vuln/detail/CVE-2023-2934
[ 8 ] CVE-2023-2935
      https://nvd.nist.gov/vuln/detail/CVE-2023-2935
[ 9 ] CVE-2023-2936
      https://nvd.nist.gov/vuln/detail/CVE-2023-2936
[ 10 ] CVE-2023-2937
      https://nvd.nist.gov/vuln/detail/CVE-2023-2937
[ 11 ] CVE-2023-2938
      https://nvd.nist.gov/vuln/detail/CVE-2023-2938
[ 12 ] CVE-2023-2939
      https://nvd.nist.gov/vuln/detail/CVE-2023-2939
[ 13 ] CVE-2023-2940
      https://nvd.nist.gov/vuln/detail/CVE-2023-2940
[ 14 ] CVE-2023-2941
      https://nvd.nist.gov/vuln/detail/CVE-2023-2941
[ 15 ] CVE-2023-3079
      https://nvd.nist.gov/vuln/detail/CVE-2023-3079
[ 16 ] CVE-2023-3214
      https://nvd.nist.gov/vuln/detail/CVE-2023-3214
[ 17 ] CVE-2023-3215
      https://nvd.nist.gov/vuln/detail/CVE-2023-3215
[ 18 ] CVE-2023-3216
      https://nvd.nist.gov/vuln/detail/CVE-2023-3216
[ 19 ] CVE-2023-3217
      https://nvd.nist.gov/vuln/detail/CVE-2023-3217
[ 20 ] CVE-2023-3420
      https://nvd.nist.gov/vuln/detail/CVE-2023-3420
[ 21 ] CVE-2023-3421
      https://nvd.nist.gov/vuln/detail/CVE-2023-3421
[ 22 ] CVE-2023-3422
      https://nvd.nist.gov/vuln/detail/CVE-2023-3422
[ 23 ] CVE-2023-3727
      https://nvd.nist.gov/vuln/detail/CVE-2023-3727
[ 24 ] CVE-2023-3728
      https://nvd.nist.gov/vuln/detail/CVE-2023-3728
[ 25 ] CVE-2023-3730
      https://nvd.nist.gov/vuln/detail/CVE-2023-3730
[ 26 ] CVE-2023-3732
      https://nvd.nist.gov/vuln/detail/CVE-2023-3732
[ 27 ] CVE-2023-3733
      https://nvd.nist.gov/vuln/detail/CVE-2023-3733
[ 28 ] CVE-2023-3734
      https://nvd.nist.gov/vuln/detail/CVE-2023-3734
[ 29 ] CVE-2023-3735
      https://nvd.nist.gov/vuln/detail/CVE-2023-3735
[ 30 ] CVE-2023-3736
      https://nvd.nist.gov/vuln/detail/CVE-2023-3736
[ 31 ] CVE-2023-3737
      https://nvd.nist.gov/vuln/detail/CVE-2023-3737
[ 32 ] CVE-2023-3738
      https://nvd.nist.gov/vuln/detail/CVE-2023-3738
[ 33 ] CVE-2023-3740
      https://nvd.nist.gov/vuln/detail/CVE-2023-3740
[ 34 ] CVE-2023-4068
      https://nvd.nist.gov/vuln/detail/CVE-2023-4068
[ 35 ] CVE-2023-4069
      https://nvd.nist.gov/vuln/detail/CVE-2023-4069
[ 36 ] CVE-2023-4070
      https://nvd.nist.gov/vuln/detail/CVE-2023-4070
[ 37 ] CVE-2023-4071
      https://nvd.nist.gov/vuln/detail/CVE-2023-4071
[ 38 ] CVE-2023-4072
      https://nvd.nist.gov/vuln/detail/CVE-2023-4072
[ 39 ] CVE-2023-4073
      https://nvd.nist.gov/vuln/detail/CVE-2023-4073
[ 40 ] CVE-2023-4074
      https://nvd.nist.gov/vuln/detail/CVE-2023-4074
[ 41 ] CVE-2023-4075
      https://nvd.nist.gov/vuln/detail/CVE-2023-4075
[ 42 ] CVE-2023-4076
      https://nvd.nist.gov/vuln/detail/CVE-2023-4076
[ 43 ] CVE-2023-4077
      https://nvd.nist.gov/vuln/detail/CVE-2023-4077
[ 44 ] CVE-2023-4078
      https://nvd.nist.gov/vuln/detail/CVE-2023-4078
[ 45 ] CVE-2023-4349
      https://nvd.nist.gov/vuln/detail/CVE-2023-4349
[ 46 ] CVE-2023-4350
      https://nvd.nist.gov/vuln/detail/CVE-2023-4350
[ 47 ] CVE-2023-4351
      https://nvd.nist.gov/vuln/detail/CVE-2023-4351
[ 48 ] CVE-2023-4352
      https://nvd.nist.gov/vuln/detail/CVE-2023-4352
[ 49 ] CVE-2023-4353
      https://nvd.nist.gov/vuln/detail/CVE-2023-4353
[ 50 ] CVE-2023-4354
      https://nvd.nist.gov/vuln/detail/CVE-2023-4354
[ 51 ] CVE-2023-4355
      https://nvd.nist.gov/vuln/detail/CVE-2023-4355
[ 52 ] CVE-2023-4356
      https://nvd.nist.gov/vuln/detail/CVE-2023-4356
[ 53 ] CVE-2023-4357
      https://nvd.nist.gov/vuln/detail/CVE-2023-4357
[ 54 ] CVE-2023-4358
      https://nvd.nist.gov/vuln/detail/CVE-2023-4358
[ 55 ] CVE-2023-4359
      https://nvd.nist.gov/vuln/detail/CVE-2023-4359
[ 56 ] CVE-2023-4360
      https://nvd.nist.gov/vuln/detail/CVE-2023-4360
[ 57 ] CVE-2023-4361
      https://nvd.nist.gov/vuln/detail/CVE-2023-4361
[ 58 ] CVE-2023-4362
      https://nvd.nist.gov/vuln/detail/CVE-2023-4362
[ 59 ] CVE-2023-4363
      https://nvd.nist.gov/vuln/detail/CVE-2023-4363
[ 60 ] CVE-2023-4364
      https://nvd.nist.gov/vuln/detail/CVE-2023-4364
[ 61 ] CVE-2023-4365
      https://nvd.nist.gov/vuln/detail/CVE-2023-4365
[ 62 ] CVE-2023-4366
      https://nvd.nist.gov/vuln/detail/CVE-2023-4366
[ 63 ] CVE-2023-4367
      https://nvd.nist.gov/vuln/detail/CVE-2023-4367
[ 64 ] CVE-2023-4368
      https://nvd.nist.gov/vuln/detail/CVE-2023-4368
[ 65 ] CVE-2023-4427
      https://nvd.nist.gov/vuln/detail/CVE-2023-4427
[ 66 ] CVE-2023-4428
      https://nvd.nist.gov/vuln/detail/CVE-2023-4428
[ 67 ] CVE-2023-4429
      https://nvd.nist.gov/vuln/detail/CVE-2023-4429
[ 68 ] CVE-2023-4430
      https://nvd.nist.gov/vuln/detail/CVE-2023-4430
[ 69 ] CVE-2023-4431
      https://nvd.nist.gov/vuln/detail/CVE-2023-4431
[ 70 ] CVE-2023-4572
      https://nvd.nist.gov/vuln/detail/CVE-2023-4572
[ 71 ] CVE-2023-4761
      https://nvd.nist.gov/vuln/detail/CVE-2023-4761
[ 72 ] CVE-2023-4762
      https://nvd.nist.gov/vuln/detail/CVE-2023-4762
[ 73 ] CVE-2023-4763
      https://nvd.nist.gov/vuln/detail/CVE-2023-4763
[ 74 ] CVE-2023-4764
      https://nvd.nist.gov/vuln/detail/CVE-2023-4764
[ 75 ] CVE-2023-4900
      https://nvd.nist.gov/vuln/detail/CVE-2023-4900
[ 76 ] CVE-2023-4901
      https://nvd.nist.gov/vuln/detail/CVE-2023-4901
[ 77 ] CVE-2023-4902
      https://nvd.nist.gov/vuln/detail/CVE-2023-4902
[ 78 ] CVE-2023-4903
      https://nvd.nist.gov/vuln/detail/CVE-2023-4903
[ 79 ] CVE-2023-4904
      https://nvd.nist.gov/vuln/detail/CVE-2023-4904
[ 80 ] CVE-2023-4905
      https://nvd.nist.gov/vuln/detail/CVE-2023-4905
[ 81 ] CVE-2023-4906
      https://nvd.nist.gov/vuln/detail/CVE-2023-4906
[ 82 ] CVE-2023-4907
      https://nvd.nist.gov/vuln/detail/CVE-2023-4907
[ 83 ] CVE-2023-4908
      https://nvd.nist.gov/vuln/detail/CVE-2023-4908
[ 84 ] CVE-2023-4909
      https://nvd.nist.gov/vuln/detail/CVE-2023-4909
[ 85 ] CVE-2023-5186
      https://nvd.nist.gov/vuln/detail/CVE-2023-5186
[ 86 ] CVE-2023-5187
      https://nvd.nist.gov/vuln/detail/CVE-2023-5187
[ 87 ] CVE-2023-5217
      https://nvd.nist.gov/vuln/detail/CVE-2023-5217
[ 88 ] CVE-2023-5218
      https://nvd.nist.gov/vuln/detail/CVE-2023-5218
[ 89 ] CVE-2023-5346
      https://nvd.nist.gov/vuln/detail/CVE-2023-5346
[ 90 ] CVE-2023-5472
      https://nvd.nist.gov/vuln/detail/CVE-2023-5472
[ 91 ] CVE-2023-5473
      https://nvd.nist.gov/vuln/detail/CVE-2023-5473
[ 92 ] CVE-2023-5474
      https://nvd.nist.gov/vuln/detail/CVE-2023-5474
[ 93 ] CVE-2023-5475
      https://nvd.nist.gov/vuln/detail/CVE-2023-5475
[ 94 ] CVE-2023-5476
      https://nvd.nist.gov/vuln/detail/CVE-2023-5476
[ 95 ] CVE-2023-5477
      https://nvd.nist.gov/vuln/detail/CVE-2023-5477
[ 96 ] CVE-2023-5478
      https://nvd.nist.gov/vuln/detail/CVE-2023-5478
[ 97 ] CVE-2023-5479
      https://nvd.nist.gov/vuln/detail/CVE-2023-5479
[ 98 ] CVE-2023-5480
      https://nvd.nist.gov/vuln/detail/CVE-2023-5480
[ 99 ] CVE-2023-5481
      https://nvd.nist.gov/vuln/detail/CVE-2023-5481
[ 100 ] CVE-2023-5482
      https://nvd.nist.gov/vuln/detail/CVE-2023-5482
[ 101 ] CVE-2023-5483
      https://nvd.nist.gov/vuln/detail/CVE-2023-5483
[ 102 ] CVE-2023-5484
      https://nvd.nist.gov/vuln/detail/CVE-2023-5484
[ 103 ] CVE-2023-5485
      https://nvd.nist.gov/vuln/detail/CVE-2023-5485
[ 104 ] CVE-2023-5486
      https://nvd.nist.gov/vuln/detail/CVE-2023-5486
[ 105 ] CVE-2023-5487
      https://nvd.nist.gov/vuln/detail/CVE-2023-5487
[ 106 ] CVE-2023-5849
      https://nvd.nist.gov/vuln/detail/CVE-2023-5849
[ 107 ] CVE-2023-5850
      https://nvd.nist.gov/vuln/detail/CVE-2023-5850
[ 108 ] CVE-2023-5851
      https://nvd.nist.gov/vuln/detail/CVE-2023-5851
[ 109 ] CVE-2023-5852
      https://nvd.nist.gov/vuln/detail/CVE-2023-5852
[ 110 ] CVE-2023-5853
      https://nvd.nist.gov/vuln/detail/CVE-2023-5853
[ 111 ] CVE-2023-5854
      https://nvd.nist.gov/vuln/detail/CVE-2023-5854
[ 112 ] CVE-2023-5855
      https://nvd.nist.gov/vuln/detail/CVE-2023-5855
[ 113 ] CVE-2023-5856
      https://nvd.nist.gov/vuln/detail/CVE-2023-5856
[ 114 ] CVE-2023-5857
      https://nvd.nist.gov/vuln/detail/CVE-2023-5857
[ 115 ] CVE-2023-5858
      https://nvd.nist.gov/vuln/detail/CVE-2023-5858
[ 116 ] CVE-2023-5859
      https://nvd.nist.gov/vuln/detail/CVE-2023-5859
[ 117 ] CVE-2023-5996
      https://nvd.nist.gov/vuln/detail/CVE-2023-5996
[ 118 ] CVE-2023-5997
      https://nvd.nist.gov/vuln/detail/CVE-2023-5997
[ 119 ] CVE-2023-6112
      https://nvd.nist.gov/vuln/detail/CVE-2023-6112
[ 120 ] CVE-2023-6345
      https://nvd.nist.gov/vuln/detail/CVE-2023-6345
[ 121 ] CVE-2023-6346
      https://nvd.nist.gov/vuln/detail/CVE-2023-6346
[ 122 ] CVE-2023-6347
      https://nvd.nist.gov/vuln/detail/CVE-2023-6347
[ 123 ] CVE-2023-6348
      https://nvd.nist.gov/vuln/detail/CVE-2023-6348
[ 124 ] CVE-2023-6350
      https://nvd.nist.gov/vuln/detail/CVE-2023-6350
[ 125 ] CVE-2023-6351
      https://nvd.nist.gov/vuln/detail/CVE-2023-6351
[ 126 ] CVE-2023-6508
      https://nvd.nist.gov/vuln/detail/CVE-2023-6508
[ 127 ] CVE-2023-6509
      https://nvd.nist.gov/vuln/detail/CVE-2023-6509
[ 128 ] CVE-2023-6510
      https://nvd.nist.gov/vuln/detail/CVE-2023-6510
[ 129 ] CVE-2023-6511
      https://nvd.nist.gov/vuln/detail/CVE-2023-6511
[ 130 ] CVE-2023-6512
      https://nvd.nist.gov/vuln/detail/CVE-2023-6512
[ 131 ] CVE-2023-6702
      https://nvd.nist.gov/vuln/detail/CVE-2023-6702
[ 132 ] CVE-2023-6703
      https://nvd.nist.gov/vuln/detail/CVE-2023-6703
[ 133 ] CVE-2023-6704
      https://nvd.nist.gov/vuln/detail/CVE-2023-6704
[ 134 ] CVE-2023-6705
      https://nvd.nist.gov/vuln/detail/CVE-2023-6705
[ 135 ] CVE-2023-6706
      https://nvd.nist.gov/vuln/detail/CVE-2023-6706
[ 136 ] CVE-2023-6707
      https://nvd.nist.gov/vuln/detail/CVE-2023-6707
[ 137 ] CVE-2023-7024
      https://nvd.nist.gov/vuln/detail/CVE-2023-7024
[ 138 ] CVE-2024-0222
      https://nvd.nist.gov/vuln/detail/CVE-2024-0222
[ 139 ] CVE-2024-0223
      https://nvd.nist.gov/vuln/detail/CVE-2024-0223
[ 140 ] CVE-2024-0224
      https://nvd.nist.gov/vuln/detail/CVE-2024-0224
[ 141 ] CVE-2024-0225
      https://nvd.nist.gov/vuln/detail/CVE-2024-0225

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-34

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
secur...@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to