Headline
Gentoo Linux Security Advisory 202402-23
Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.
Gentoo Linux Security Advisory GLSA 202402-23
https://security.gentoo.org/
Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: February 19, 2024
Bugs: #922062, #922340, #922903, #923370
ID: 202402-23
Synopsis
Multiple vulnerabilities have been discovered in Chromium and its
derivatives, the worst of which can lead to remote code execution.
Background
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web. Google
Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.
Affected packages
Package                     Vulnerable          Unaffected
--------------------------  ------------------  ------------------
www-client/chromium         < 121.0.6167.139    >= 121.0.6167.139
www-client/google-chrome    < 121.0.6167.139    >= 121.0.6167.139
www-client/microsoft-edge   < 121.0.2277.83     >= 121.0.2277.83
Description
Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Google Chrome users should upgrade to the latest version:
    emerge --sync
    emerge --ask --oneshot --verbose ">=www-client/google-chrome-121.0.6167.139"
All Chromium users should upgrade to the latest version:
    emerge --sync
    emerge --ask --oneshot --verbose ">=www-client/chromium-121.0.6167.139"
All Microsoft Edge users should upgrade to the latest version:
    emerge --sync
    emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-121.0.2277.83"
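An added example, not part of the Gentoo advisory: a shell check that classifies installed package atoms against the fixed versions in the Affected packages table, useful for confirming the upgrade took effect across an inventory. The function names and the sample inventory are constructed for illustration. It assumes input lines of the form category/name-version[-rN] with plain dotted numeric versions, and a sort that supports -V.

```sh
#!/bin/sh
# Fixed ("Unaffected") versions copied from the Affected packages table above.
fixed_version() {
    case "$1" in
        www-client/chromium|www-client/google-chrome) echo "121.0.6167.139" ;;
        www-client/microsoft-edge)                    echo "121.0.2277.83" ;;
        *) return 1 ;;   # package not covered by this advisory
    esac
}

# version_lt A B: succeeds when A is strictly older than B. sort -V compares
# each dotted field numerically, so 121.0.6167.85 sorts before 121.0.6167.139
# (a plain string comparison would get that pair wrong).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status ATOM: print vulnerable, unaffected or not-covered for one
# installed atom. A trailing -rN ebuild revision is dropped first: it never
# moves a version across the fixed threshold, which carries no revision.
glsa_status() {
    base=$(printf '%s\n' "$1" | sed 's/-r[0-9][0-9]*$//')
    name=${base%-*}
    ver=${base##*-}
    fixed=$(fixed_version "$name") || { echo "not-covered"; return 0; }
    if version_lt "$ver" "$fixed"; then echo "vulnerable"; else echo "unaffected"; fi
}

# scan_inventory: read one atom per line on stdin, print "STATUS ATOM".
scan_inventory() {
    while IFS= read -r atom; do
        [ -n "$atom" ] || continue
        printf '%s %s\n' "$(glsa_status "$atom")" "$atom"
    done
}

# Constructed sample inventory (not taken from a real host).
scan_inventory <<'EOF'
www-client/chromium-120.0.6099.224
www-client/google-chrome-121.0.6167.85
www-client/microsoft-edge-121.0.2277.83
www-client/chromium-121.0.6167.139-r1
www-client/firefox-122.0
EOF
```

On a Gentoo host itself, glsa-check -t 202402-23 from gentoolkit is the authoritative test; the script above is for package lists collected elsewhere.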
References
[ 1 ] CVE-2024-0333
https://nvd.nist.gov/vuln/detail/CVE-2024-0333
[ 2 ] CVE-2024-0517
https://nvd.nist.gov/vuln/detail/CVE-2024-0517
[ 3 ] CVE-2024-0518
https://nvd.nist.gov/vuln/detail/CVE-2024-0518
[ 4 ] CVE-2024-0519
https://nvd.nist.gov/vuln/detail/CVE-2024-0519
[ 5 ] CVE-2024-0804
https://nvd.nist.gov/vuln/detail/CVE-2024-0804
[ 6 ] CVE-2024-0805
https://nvd.nist.gov/vuln/detail/CVE-2024-0805
[ 7 ] CVE-2024-0806
https://nvd.nist.gov/vuln/detail/CVE-2024-0806
[ 8 ] CVE-2024-0807
https://nvd.nist.gov/vuln/detail/CVE-2024-0807
[ 9 ] CVE-2024-0808
https://nvd.nist.gov/vuln/detail/CVE-2024-0808
[ 10 ] CVE-2024-0809
https://nvd.nist.gov/vuln/detail/CVE-2024-0809
[ 11 ] CVE-2024-0810
https://nvd.nist.gov/vuln/detail/CVE-2024-0810
[ 12 ] CVE-2024-0811
https://nvd.nist.gov/vuln/detail/CVE-2024-0811
[ 13 ] CVE-2024-0812
https://nvd.nist.gov/vuln/detail/CVE-2024-0812
[ 14 ] CVE-2024-0813
https://nvd.nist.gov/vuln/detail/CVE-2024-0813
[ 15 ] CVE-2024-0814
https://nvd.nist.gov/vuln/detail/CVE-2024-0814
[ 16 ] CVE-2024-1059
https://nvd.nist.gov/vuln/detail/CVE-2024-1059
[ 17 ] CVE-2024-1060
https://nvd.nist.gov/vuln/detail/CVE-2024-1060
[ 18 ] CVE-2024-1077
https://nvd.nist.gov/vuln/detail/CVE-2024-1077
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-23
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5