- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium: Multiple vulnerabilities Date: March 28, 2019 Bugs: #671550, #677066, #679530, #680242 ID: 201903-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code. Background ========= Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 73.0.3683.75 >= 73.0.3683.75 Description ========== Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact ===== Please review the referenced CVE identifiers and Google Chrome Releases for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-73.0.3683.75" References ========= [ 1 ] CVE-2018-17479 https://nvd.nist.gov/vuln/detail/CVE-2018-17479 [ 2 ] CVE-2019-5786 https://nvd.nist.gov/vuln/detail/CVE-2019-5786 [ 3 ] CVE-2019-5786 https://nvd.nist.gov/vuln/detail/CVE-2019-5786 [ 4 ] CVE-2019-5787 https://nvd.nist.gov/vuln/detail/CVE-2019-5787 [ 5 ] CVE-2019-5788 https://nvd.nist.gov/vuln/detail/CVE-2019-5788 [ 6 ] CVE-2019-5789 https://nvd.nist.gov/vuln/detail/CVE-2019-5789 [ 7 ] CVE-2019-5790 https://nvd.nist.gov/vuln/detail/CVE-2019-5790 [ 8 ] CVE-2019-5791 https://nvd.nist.gov/vuln/detail/CVE-2019-5791 [ 9 ] CVE-2019-5792 https://nvd.nist.gov/vuln/detail/CVE-2019-5792 [ 10 ] CVE-2019-5793 https://nvd.nist.gov/vuln/detail/CVE-2019-5793 [ 11 ] CVE-2019-5794 https://nvd.nist.gov/vuln/detail/CVE-2019-5794 [ 12 ] CVE-2019-5795 https://nvd.nist.gov/vuln/detail/CVE-2019-5795 [ 13 ] CVE-2019-5796 https://nvd.nist.gov/vuln/detail/CVE-2019-5796 [ 14 ] CVE-2019-5797 https://nvd.nist.gov/vuln/detail/CVE-2019-5797 [ 15 ] CVE-2019-5798 https://nvd.nist.gov/vuln/detail/CVE-2019-5798 [ 16 ] CVE-2019-5799 https://nvd.nist.gov/vuln/detail/CVE-2019-5799 [ 17 ] CVE-2019-5800 https://nvd.nist.gov/vuln/detail/CVE-2019-5800 [ 18 ] CVE-2019-5801 https://nvd.nist.gov/vuln/detail/CVE-2019-5801 [ 19 ] CVE-2019-5802 https://nvd.nist.gov/vuln/detail/CVE-2019-5802 [ 20 ] CVE-2019-5803 https://nvd.nist.gov/vuln/detail/CVE-2019-5803 [ 21 ] CVE-2019-5804 https://nvd.nist.gov/vuln/detail/CVE-2019-5804 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-23 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5