- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, Google Chrome: Multiple vulnerabilities Date: July 06, 2021 Bugs: #789420, #792084, #795204, #796338, #796521 ID: 202107-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabillities have been found in Chromium and Google Chrome, the worst of which could allow remote attackers to execute arbitrary code. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/google-chrome < 91.0.4472.114 >= 91.0.4472.114 2 www-client/chromium < 91.0.4472.114 >= 91.0.4472.114 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof a URL or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=www-client/google-chrome-91.0.4472.114" All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-91.0.4472.114" References ========== [ 1 ] CVE-2021-30506 https://nvd.nist.gov/vuln/detail/CVE-2021-30506 [ 2 ] CVE-2021-30507 https://nvd.nist.gov/vuln/detail/CVE-2021-30507 [ 3 ] CVE-2021-30508 https://nvd.nist.gov/vuln/detail/CVE-2021-30508 [ 4 ] CVE-2021-30509 https://nvd.nist.gov/vuln/detail/CVE-2021-30509 [ 5 ] CVE-2021-30510 https://nvd.nist.gov/vuln/detail/CVE-2021-30510 [ 6 ] CVE-2021-30511 https://nvd.nist.gov/vuln/detail/CVE-2021-30511 [ 7 ] CVE-2021-30512 https://nvd.nist.gov/vuln/detail/CVE-2021-30512 [ 8 ] CVE-2021-30513 https://nvd.nist.gov/vuln/detail/CVE-2021-30513 [ 9 ] CVE-2021-30514 https://nvd.nist.gov/vuln/detail/CVE-2021-30514 [ 10 ] CVE-2021-30515 https://nvd.nist.gov/vuln/detail/CVE-2021-30515 [ 11 ] CVE-2021-30516 https://nvd.nist.gov/vuln/detail/CVE-2021-30516 [ 12 ] CVE-2021-30517 https://nvd.nist.gov/vuln/detail/CVE-2021-30517 [ 13 ] CVE-2021-30518 https://nvd.nist.gov/vuln/detail/CVE-2021-30518 [ 14 ] CVE-2021-30519 https://nvd.nist.gov/vuln/detail/CVE-2021-30519 [ 15 ] CVE-2021-30520 https://nvd.nist.gov/vuln/detail/CVE-2021-30520 [ 16 ] CVE-2021-30521 https://nvd.nist.gov/vuln/detail/CVE-2021-30521 [ 17 ] CVE-2021-30522 https://nvd.nist.gov/vuln/detail/CVE-2021-30522 [ 18 ] CVE-2021-30523 https://nvd.nist.gov/vuln/detail/CVE-2021-30523 [ 19 ] CVE-2021-30524 https://nvd.nist.gov/vuln/detail/CVE-2021-30524 [ 20 ] CVE-2021-30525 https://nvd.nist.gov/vuln/detail/CVE-2021-30525 [ 21 ] CVE-2021-30526 https://nvd.nist.gov/vuln/detail/CVE-2021-30526 [ 22 ] CVE-2021-30527 https://nvd.nist.gov/vuln/detail/CVE-2021-30527 [ 23 ] CVE-2021-30528 https://nvd.nist.gov/vuln/detail/CVE-2021-30528 [ 24 ] CVE-2021-30530 https://nvd.nist.gov/vuln/detail/CVE-2021-30530 [ 25 ] CVE-2021-30531 https://nvd.nist.gov/vuln/detail/CVE-2021-30531 [ 26 ] CVE-2021-30532 https://nvd.nist.gov/vuln/detail/CVE-2021-30532 [ 27 ] CVE-2021-30533 https://nvd.nist.gov/vuln/detail/CVE-2021-30533 [ 28 ] CVE-2021-30534 https://nvd.nist.gov/vuln/detail/CVE-2021-30534 [ 29 ] CVE-2021-30536 https://nvd.nist.gov/vuln/detail/CVE-2021-30536 [ 30 ] CVE-2021-30537 https://nvd.nist.gov/vuln/detail/CVE-2021-30537 [ 31 ] CVE-2021-30538 https://nvd.nist.gov/vuln/detail/CVE-2021-30538 [ 32 ] CVE-2021-30539 https://nvd.nist.gov/vuln/detail/CVE-2021-30539 [ 33 ] CVE-2021-30540 https://nvd.nist.gov/vuln/detail/CVE-2021-30540 [ 34 ] CVE-2021-30544 https://nvd.nist.gov/vuln/detail/CVE-2021-30544 [ 35 ] CVE-2021-30545 https://nvd.nist.gov/vuln/detail/CVE-2021-30545 [ 36 ] CVE-2021-30546 https://nvd.nist.gov/vuln/detail/CVE-2021-30546 [ 37 ] CVE-2021-30548 https://nvd.nist.gov/vuln/detail/CVE-2021-30548 [ 38 ] CVE-2021-30549 https://nvd.nist.gov/vuln/detail/CVE-2021-30549 [ 39 ] CVE-2021-30550 https://nvd.nist.gov/vuln/detail/CVE-2021-30550 [ 40 ] CVE-2021-30551 https://nvd.nist.gov/vuln/detail/CVE-2021-30551 [ 41 ] CVE-2021-30552 https://nvd.nist.gov/vuln/detail/CVE-2021-30552 [ 42 ] CVE-2021-30553 https://nvd.nist.gov/vuln/detail/CVE-2021-30553 [ 43 ] CVE-2021-30554 https://nvd.nist.gov/vuln/detail/CVE-2021-30554 [ 44 ] CVE-2021-30555 https://nvd.nist.gov/vuln/detail/CVE-2021-30555 [ 45 ] CVE-2021-30556 https://nvd.nist.gov/vuln/detail/CVE-2021-30556 [ 46 ] CVE-2021-30557 https://nvd.nist.gov/vuln/detail/CVE-2021-30557 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5