- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202309-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Date: September 30, 2023 Bugs: #893660, #904252, #904394, #904560, #905297, #905620, #905883, #906586 ID: 202309-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Affected packages ================= Package Vulnerable Unaffected ------------------------- ---------------- ----------------- www-client/chromium < 113.0.5672.126 >= 113.0.5672.126 www-client/chromium-bin < 113.0.5672.126 Vulnerable! www-client/google-chrome < 113.0.5672.126 >= 113.0.5672.126 www-client/microsoft-edge < 113.0.1774.50 >= 113.0.1774.50 Description =========== Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126" All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126" All Microsoft Edge users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50" Gentoo has discontinued support for www-client/chromium-bin. Users should unmerge it in favor of the above alternatives: # emerge --ask --depclean --verbose "www-client/chromium-bin" References ========== [ 1 ] CVE-2023-0696 https://nvd.nist.gov/vuln/detail/CVE-2023-0696 [ 2 ] CVE-2023-0697 https://nvd.nist.gov/vuln/detail/CVE-2023-0697 [ 3 ] CVE-2023-0698 https://nvd.nist.gov/vuln/detail/CVE-2023-0698 [ 4 ] CVE-2023-0699 https://nvd.nist.gov/vuln/detail/CVE-2023-0699 [ 5 ] CVE-2023-0700 https://nvd.nist.gov/vuln/detail/CVE-2023-0700 [ 6 ] CVE-2023-0701 https://nvd.nist.gov/vuln/detail/CVE-2023-0701 [ 7 ] CVE-2023-0702 https://nvd.nist.gov/vuln/detail/CVE-2023-0702 [ 8 ] CVE-2023-0703 https://nvd.nist.gov/vuln/detail/CVE-2023-0703 [ 9 ] CVE-2023-0704 https://nvd.nist.gov/vuln/detail/CVE-2023-0704 [ 10 ] CVE-2023-0705 https://nvd.nist.gov/vuln/detail/CVE-2023-0705 [ 11 ] CVE-2023-0927 https://nvd.nist.gov/vuln/detail/CVE-2023-0927 [ 12 ] CVE-2023-0928 https://nvd.nist.gov/vuln/detail/CVE-2023-0928 [ 13 ] CVE-2023-0929 https://nvd.nist.gov/vuln/detail/CVE-2023-0929 [ 14 ] CVE-2023-0930 https://nvd.nist.gov/vuln/detail/CVE-2023-0930 [ 15 ] CVE-2023-0931 https://nvd.nist.gov/vuln/detail/CVE-2023-0931 [ 16 ] CVE-2023-0932 https://nvd.nist.gov/vuln/detail/CVE-2023-0932 [ 17 ] CVE-2023-0933 https://nvd.nist.gov/vuln/detail/CVE-2023-0933 [ 18 ] CVE-2023-0941 https://nvd.nist.gov/vuln/detail/CVE-2023-0941 [ 19 ] CVE-2023-1528 https://nvd.nist.gov/vuln/detail/CVE-2023-1528 [ 20 ] CVE-2023-1529 https://nvd.nist.gov/vuln/detail/CVE-2023-1529 [ 21 ] CVE-2023-1530 https://nvd.nist.gov/vuln/detail/CVE-2023-1530 [ 22 ] CVE-2023-1531 https://nvd.nist.gov/vuln/detail/CVE-2023-1531 [ 23 ] CVE-2023-1532 https://nvd.nist.gov/vuln/detail/CVE-2023-1532 [ 24 ] CVE-2023-1533 https://nvd.nist.gov/vuln/detail/CVE-2023-1533 [ 25 ] CVE-2023-1534 https://nvd.nist.gov/vuln/detail/CVE-2023-1534 [ 26 ] CVE-2023-1810 https://nvd.nist.gov/vuln/detail/CVE-2023-1810 [ 27 ] CVE-2023-1811 https://nvd.nist.gov/vuln/detail/CVE-2023-1811 [ 28 ] CVE-2023-1812 https://nvd.nist.gov/vuln/detail/CVE-2023-1812 [ 29 ] CVE-2023-1813 https://nvd.nist.gov/vuln/detail/CVE-2023-1813 [ 30 ] CVE-2023-1814 https://nvd.nist.gov/vuln/detail/CVE-2023-1814 [ 31 ] CVE-2023-1815 https://nvd.nist.gov/vuln/detail/CVE-2023-1815 [ 32 ] CVE-2023-1816 https://nvd.nist.gov/vuln/detail/CVE-2023-1816 [ 33 ] CVE-2023-1817 https://nvd.nist.gov/vuln/detail/CVE-2023-1817 [ 34 ] CVE-2023-1818 https://nvd.nist.gov/vuln/detail/CVE-2023-1818 [ 35 ] CVE-2023-1819 https://nvd.nist.gov/vuln/detail/CVE-2023-1819 [ 36 ] CVE-2023-1820 https://nvd.nist.gov/vuln/detail/CVE-2023-1820 [ 37 ] CVE-2023-1821 https://nvd.nist.gov/vuln/detail/CVE-2023-1821 [ 38 ] CVE-2023-1822 https://nvd.nist.gov/vuln/detail/CVE-2023-1822 [ 39 ] CVE-2023-1823 https://nvd.nist.gov/vuln/detail/CVE-2023-1823 [ 40 ] CVE-2023-2033 https://nvd.nist.gov/vuln/detail/CVE-2023-2033 [ 41 ] CVE-2023-2133 https://nvd.nist.gov/vuln/detail/CVE-2023-2133 [ 42 ] CVE-2023-2134 https://nvd.nist.gov/vuln/detail/CVE-2023-2134 [ 43 ] CVE-2023-2135 https://nvd.nist.gov/vuln/detail/CVE-2023-2135 [ 44 ] CVE-2023-2136 https://nvd.nist.gov/vuln/detail/CVE-2023-2136 [ 45 ] CVE-2023-2137 https://nvd.nist.gov/vuln/detail/CVE-2023-2137 [ 46 ] CVE-2023-2459 https://nvd.nist.gov/vuln/detail/CVE-2023-2459 [ 47 ] CVE-2023-2460 https://nvd.nist.gov/vuln/detail/CVE-2023-2460 [ 48 ] CVE-2023-2461 https://nvd.nist.gov/vuln/detail/CVE-2023-2461 [ 49 ] CVE-2023-2462 https://nvd.nist.gov/vuln/detail/CVE-2023-2462 [ 50 ] CVE-2023-2463 https://nvd.nist.gov/vuln/detail/CVE-2023-2463 [ 51 ] CVE-2023-2464 https://nvd.nist.gov/vuln/detail/CVE-2023-2464 [ 52 ] CVE-2023-2465 https://nvd.nist.gov/vuln/detail/CVE-2023-2465 [ 53 ] CVE-2023-2466 https://nvd.nist.gov/vuln/detail/CVE-2023-2466 [ 54 ] CVE-2023-2467 https://nvd.nist.gov/vuln/detail/CVE-2023-2467 [ 55 ] CVE-2023-2468 https://nvd.nist.gov/vuln/detail/CVE-2023-2468 [ 56 ] CVE-2023-2721 https://nvd.nist.gov/vuln/detail/CVE-2023-2721 [ 57 ] CVE-2023-2722 https://nvd.nist.gov/vuln/detail/CVE-2023-2722 [ 58 ] CVE-2023-2723 https://nvd.nist.gov/vuln/detail/CVE-2023-2723 [ 59 ] CVE-2023-2724 https://nvd.nist.gov/vuln/detail/CVE-2023-2724 [ 60 ] CVE-2023-2725 https://nvd.nist.gov/vuln/detail/CVE-2023-2725 [ 61 ] CVE-2023-2726 https://nvd.nist.gov/vuln/detail/CVE-2023-2726 [ 62 ] CVE-2023-21720 https://nvd.nist.gov/vuln/detail/CVE-2023-21720 [ 63 ] CVE-2023-21794 https://nvd.nist.gov/vuln/detail/CVE-2023-21794 [ 64 ] CVE-2023-23374 https://nvd.nist.gov/vuln/detail/CVE-2023-23374 [ 65 ] CVE-2023-28261 https://nvd.nist.gov/vuln/detail/CVE-2023-28261 [ 66 ] CVE-2023-28286 https://nvd.nist.gov/vuln/detail/CVE-2023-28286 [ 67 ] CVE-2023-29334 https://nvd.nist.gov/vuln/detail/CVE-2023-29334 [ 68 ] CVE-2023-29350 https://nvd.nist.gov/vuln/detail/CVE-2023-29350 [ 69 ] CVE-2023-29354 https://nvd.nist.gov/vuln/detail/CVE-2023-29354 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202309-17 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5