- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202401-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Date: January 31, 2024 Bugs: #907999, #908471, #909283, #910522, #911675, #912364, #913016, #913710, #914350, #914871, #915137, #915560, #915961, #916252, #916620, #917021, #917357, #918882, #919321, #919802, #920442, #921337 ID: 202401-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Background ========== Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier. Affected packages ================= Package Vulnerable Unaffected ------------------------- ---------------- ----------------- www-client/chromium < 120.0.6099.109 >= 120.0.6099.109 www-client/google-chrome < 120.0.6099.109 >= 120.0.6099.109 www-client/microsoft-edge < 120.0.2210.133 >= 120.0.2210.133 Description =========== Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-120.0.6099.109" All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-120.0.6099.109" All Microsoft Edge users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-120.0.2210.133" References ========== [ 1 ] CVE-2023-2312 https://nvd.nist.gov/vuln/detail/CVE-2023-2312 [ 2 ] CVE-2023-2929 https://nvd.nist.gov/vuln/detail/CVE-2023-2929 [ 3 ] CVE-2023-2930 https://nvd.nist.gov/vuln/detail/CVE-2023-2930 [ 4 ] CVE-2023-2931 https://nvd.nist.gov/vuln/detail/CVE-2023-2931 [ 5 ] CVE-2023-2932 https://nvd.nist.gov/vuln/detail/CVE-2023-2932 [ 6 ] CVE-2023-2933 https://nvd.nist.gov/vuln/detail/CVE-2023-2933 [ 7 ] CVE-2023-2934 https://nvd.nist.gov/vuln/detail/CVE-2023-2934 [ 8 ] CVE-2023-2935 https://nvd.nist.gov/vuln/detail/CVE-2023-2935 [ 9 ] CVE-2023-2936 https://nvd.nist.gov/vuln/detail/CVE-2023-2936 [ 10 ] CVE-2023-2937 https://nvd.nist.gov/vuln/detail/CVE-2023-2937 [ 11 ] CVE-2023-2938 https://nvd.nist.gov/vuln/detail/CVE-2023-2938 [ 12 ] CVE-2023-2939 https://nvd.nist.gov/vuln/detail/CVE-2023-2939 [ 13 ] CVE-2023-2940 https://nvd.nist.gov/vuln/detail/CVE-2023-2940 [ 14 ] CVE-2023-2941 https://nvd.nist.gov/vuln/detail/CVE-2023-2941 [ 15 ] CVE-2023-3079 https://nvd.nist.gov/vuln/detail/CVE-2023-3079 [ 16 ] CVE-2023-3214 https://nvd.nist.gov/vuln/detail/CVE-2023-3214 [ 17 ] CVE-2023-3215 https://nvd.nist.gov/vuln/detail/CVE-2023-3215 [ 18 ] CVE-2023-3216 https://nvd.nist.gov/vuln/detail/CVE-2023-3216 [ 19 ] CVE-2023-3217 https://nvd.nist.gov/vuln/detail/CVE-2023-3217 [ 20 ] CVE-2023-3420 https://nvd.nist.gov/vuln/detail/CVE-2023-3420 [ 21 ] CVE-2023-3421 https://nvd.nist.gov/vuln/detail/CVE-2023-3421 [ 22 ] CVE-2023-3422 https://nvd.nist.gov/vuln/detail/CVE-2023-3422 [ 23 ] CVE-2023-3727 https://nvd.nist.gov/vuln/detail/CVE-2023-3727 [ 24 ] CVE-2023-3728 https://nvd.nist.gov/vuln/detail/CVE-2023-3728 [ 25 ] CVE-2023-3730 https://nvd.nist.gov/vuln/detail/CVE-2023-3730 [ 26 ] CVE-2023-3732 https://nvd.nist.gov/vuln/detail/CVE-2023-3732 [ 27 ] CVE-2023-3733 https://nvd.nist.gov/vuln/detail/CVE-2023-3733 [ 28 ] CVE-2023-3734 https://nvd.nist.gov/vuln/detail/CVE-2023-3734 [ 29 ] CVE-2023-3735 https://nvd.nist.gov/vuln/detail/CVE-2023-3735 [ 30 ] CVE-2023-3736 https://nvd.nist.gov/vuln/detail/CVE-2023-3736 [ 31 ] CVE-2023-3737 https://nvd.nist.gov/vuln/detail/CVE-2023-3737 [ 32 ] CVE-2023-3738 https://nvd.nist.gov/vuln/detail/CVE-2023-3738 [ 33 ] CVE-2023-3740 https://nvd.nist.gov/vuln/detail/CVE-2023-3740 [ 34 ] CVE-2023-4068 https://nvd.nist.gov/vuln/detail/CVE-2023-4068 [ 35 ] CVE-2023-4069 https://nvd.nist.gov/vuln/detail/CVE-2023-4069 [ 36 ] CVE-2023-4070 https://nvd.nist.gov/vuln/detail/CVE-2023-4070 [ 37 ] CVE-2023-4071 https://nvd.nist.gov/vuln/detail/CVE-2023-4071 [ 38 ] CVE-2023-4072 https://nvd.nist.gov/vuln/detail/CVE-2023-4072 [ 39 ] CVE-2023-4073 https://nvd.nist.gov/vuln/detail/CVE-2023-4073 [ 40 ] CVE-2023-4074 https://nvd.nist.gov/vuln/detail/CVE-2023-4074 [ 41 ] CVE-2023-4075 https://nvd.nist.gov/vuln/detail/CVE-2023-4075 [ 42 ] CVE-2023-4076 https://nvd.nist.gov/vuln/detail/CVE-2023-4076 [ 43 ] CVE-2023-4077 https://nvd.nist.gov/vuln/detail/CVE-2023-4077 [ 44 ] CVE-2023-4078 https://nvd.nist.gov/vuln/detail/CVE-2023-4078 [ 45 ] CVE-2023-4349 https://nvd.nist.gov/vuln/detail/CVE-2023-4349 [ 46 ] CVE-2023-4350 https://nvd.nist.gov/vuln/detail/CVE-2023-4350 [ 47 ] CVE-2023-4351 https://nvd.nist.gov/vuln/detail/CVE-2023-4351 [ 48 ] CVE-2023-4352 https://nvd.nist.gov/vuln/detail/CVE-2023-4352 [ 49 ] CVE-2023-4353 https://nvd.nist.gov/vuln/detail/CVE-2023-4353 [ 50 ] CVE-2023-4354 https://nvd.nist.gov/vuln/detail/CVE-2023-4354 [ 51 ] CVE-2023-4355 https://nvd.nist.gov/vuln/detail/CVE-2023-4355 [ 52 ] CVE-2023-4356 https://nvd.nist.gov/vuln/detail/CVE-2023-4356 [ 53 ] CVE-2023-4357 https://nvd.nist.gov/vuln/detail/CVE-2023-4357 [ 54 ] CVE-2023-4358 https://nvd.nist.gov/vuln/detail/CVE-2023-4358 [ 55 ] CVE-2023-4359 https://nvd.nist.gov/vuln/detail/CVE-2023-4359 [ 56 ] CVE-2023-4360 https://nvd.nist.gov/vuln/detail/CVE-2023-4360 [ 57 ] CVE-2023-4361 https://nvd.nist.gov/vuln/detail/CVE-2023-4361 [ 58 ] CVE-2023-4362 https://nvd.nist.gov/vuln/detail/CVE-2023-4362 [ 59 ] CVE-2023-4363 https://nvd.nist.gov/vuln/detail/CVE-2023-4363 [ 60 ] CVE-2023-4364 https://nvd.nist.gov/vuln/detail/CVE-2023-4364 [ 61 ] CVE-2023-4365 https://nvd.nist.gov/vuln/detail/CVE-2023-4365 [ 62 ] CVE-2023-4366 https://nvd.nist.gov/vuln/detail/CVE-2023-4366 [ 63 ] CVE-2023-4367 https://nvd.nist.gov/vuln/detail/CVE-2023-4367 [ 64 ] CVE-2023-4368 https://nvd.nist.gov/vuln/detail/CVE-2023-4368 [ 65 ] CVE-2023-4427 https://nvd.nist.gov/vuln/detail/CVE-2023-4427 [ 66 ] CVE-2023-4428 https://nvd.nist.gov/vuln/detail/CVE-2023-4428 [ 67 ] CVE-2023-4429 https://nvd.nist.gov/vuln/detail/CVE-2023-4429 [ 68 ] CVE-2023-4430 https://nvd.nist.gov/vuln/detail/CVE-2023-4430 [ 69 ] CVE-2023-4431 https://nvd.nist.gov/vuln/detail/CVE-2023-4431 [ 70 ] CVE-2023-4572 https://nvd.nist.gov/vuln/detail/CVE-2023-4572 [ 71 ] CVE-2023-4761 https://nvd.nist.gov/vuln/detail/CVE-2023-4761 [ 72 ] CVE-2023-4762 https://nvd.nist.gov/vuln/detail/CVE-2023-4762 [ 73 ] CVE-2023-4763 https://nvd.nist.gov/vuln/detail/CVE-2023-4763 [ 74 ] CVE-2023-4764 https://nvd.nist.gov/vuln/detail/CVE-2023-4764 [ 75 ] CVE-2023-4900 https://nvd.nist.gov/vuln/detail/CVE-2023-4900 [ 76 ] CVE-2023-4901 https://nvd.nist.gov/vuln/detail/CVE-2023-4901 [ 77 ] CVE-2023-4902 https://nvd.nist.gov/vuln/detail/CVE-2023-4902 [ 78 ] CVE-2023-4903 https://nvd.nist.gov/vuln/detail/CVE-2023-4903 [ 79 ] CVE-2023-4904 https://nvd.nist.gov/vuln/detail/CVE-2023-4904 [ 80 ] CVE-2023-4905 https://nvd.nist.gov/vuln/detail/CVE-2023-4905 [ 81 ] CVE-2023-4906 https://nvd.nist.gov/vuln/detail/CVE-2023-4906 [ 82 ] CVE-2023-4907 https://nvd.nist.gov/vuln/detail/CVE-2023-4907 [ 83 ] CVE-2023-4908 https://nvd.nist.gov/vuln/detail/CVE-2023-4908 [ 84 ] CVE-2023-4909 https://nvd.nist.gov/vuln/detail/CVE-2023-4909 [ 85 ] CVE-2023-5186 https://nvd.nist.gov/vuln/detail/CVE-2023-5186 [ 86 ] CVE-2023-5187 https://nvd.nist.gov/vuln/detail/CVE-2023-5187 [ 87 ] CVE-2023-5217 https://nvd.nist.gov/vuln/detail/CVE-2023-5217 [ 88 ] CVE-2023-5218 https://nvd.nist.gov/vuln/detail/CVE-2023-5218 [ 89 ] CVE-2023-5346 https://nvd.nist.gov/vuln/detail/CVE-2023-5346 [ 90 ] CVE-2023-5472 https://nvd.nist.gov/vuln/detail/CVE-2023-5472 [ 91 ] CVE-2023-5473 https://nvd.nist.gov/vuln/detail/CVE-2023-5473 [ 92 ] CVE-2023-5474 https://nvd.nist.gov/vuln/detail/CVE-2023-5474 [ 93 ] CVE-2023-5475 https://nvd.nist.gov/vuln/detail/CVE-2023-5475 [ 94 ] CVE-2023-5476 https://nvd.nist.gov/vuln/detail/CVE-2023-5476 [ 95 ] CVE-2023-5477 https://nvd.nist.gov/vuln/detail/CVE-2023-5477 [ 96 ] CVE-2023-5478 https://nvd.nist.gov/vuln/detail/CVE-2023-5478 [ 97 ] CVE-2023-5479 https://nvd.nist.gov/vuln/detail/CVE-2023-5479 [ 98 ] CVE-2023-5480 https://nvd.nist.gov/vuln/detail/CVE-2023-5480 [ 99 ] CVE-2023-5481 https://nvd.nist.gov/vuln/detail/CVE-2023-5481 [ 100 ] CVE-2023-5482 https://nvd.nist.gov/vuln/detail/CVE-2023-5482 [ 101 ] CVE-2023-5483 https://nvd.nist.gov/vuln/detail/CVE-2023-5483 [ 102 ] CVE-2023-5484 https://nvd.nist.gov/vuln/detail/CVE-2023-5484 [ 103 ] CVE-2023-5485 https://nvd.nist.gov/vuln/detail/CVE-2023-5485 [ 104 ] CVE-2023-5486 https://nvd.nist.gov/vuln/detail/CVE-2023-5486 [ 105 ] CVE-2023-5487 https://nvd.nist.gov/vuln/detail/CVE-2023-5487 [ 106 ] CVE-2023-5849 https://nvd.nist.gov/vuln/detail/CVE-2023-5849 [ 107 ] CVE-2023-5850 https://nvd.nist.gov/vuln/detail/CVE-2023-5850 [ 108 ] CVE-2023-5851 https://nvd.nist.gov/vuln/detail/CVE-2023-5851 [ 109 ] CVE-2023-5852 https://nvd.nist.gov/vuln/detail/CVE-2023-5852 [ 110 ] CVE-2023-5853 https://nvd.nist.gov/vuln/detail/CVE-2023-5853 [ 111 ] CVE-2023-5854 https://nvd.nist.gov/vuln/detail/CVE-2023-5854 [ 112 ] CVE-2023-5855 https://nvd.nist.gov/vuln/detail/CVE-2023-5855 [ 113 ] CVE-2023-5856 https://nvd.nist.gov/vuln/detail/CVE-2023-5856 [ 114 ] CVE-2023-5857 https://nvd.nist.gov/vuln/detail/CVE-2023-5857 [ 115 ] CVE-2023-5858 https://nvd.nist.gov/vuln/detail/CVE-2023-5858 [ 116 ] CVE-2023-5859 https://nvd.nist.gov/vuln/detail/CVE-2023-5859 [ 117 ] CVE-2023-5996 https://nvd.nist.gov/vuln/detail/CVE-2023-5996 [ 118 ] CVE-2023-5997 https://nvd.nist.gov/vuln/detail/CVE-2023-5997 [ 119 ] CVE-2023-6112 https://nvd.nist.gov/vuln/detail/CVE-2023-6112 [ 120 ] CVE-2023-6345 https://nvd.nist.gov/vuln/detail/CVE-2023-6345 [ 121 ] CVE-2023-6346 https://nvd.nist.gov/vuln/detail/CVE-2023-6346 [ 122 ] CVE-2023-6347 https://nvd.nist.gov/vuln/detail/CVE-2023-6347 [ 123 ] CVE-2023-6348 https://nvd.nist.gov/vuln/detail/CVE-2023-6348 [ 124 ] CVE-2023-6350 https://nvd.nist.gov/vuln/detail/CVE-2023-6350 [ 125 ] CVE-2023-6351 https://nvd.nist.gov/vuln/detail/CVE-2023-6351 [ 126 ] CVE-2023-6508 https://nvd.nist.gov/vuln/detail/CVE-2023-6508 [ 127 ] CVE-2023-6509 https://nvd.nist.gov/vuln/detail/CVE-2023-6509 [ 128 ] CVE-2023-6510 https://nvd.nist.gov/vuln/detail/CVE-2023-6510 [ 129 ] CVE-2023-6511 https://nvd.nist.gov/vuln/detail/CVE-2023-6511 [ 130 ] CVE-2023-6512 https://nvd.nist.gov/vuln/detail/CVE-2023-6512 [ 131 ] CVE-2023-6702 https://nvd.nist.gov/vuln/detail/CVE-2023-6702 [ 132 ] CVE-2023-6703 https://nvd.nist.gov/vuln/detail/CVE-2023-6703 [ 133 ] CVE-2023-6704 https://nvd.nist.gov/vuln/detail/CVE-2023-6704 [ 134 ] CVE-2023-6705 https://nvd.nist.gov/vuln/detail/CVE-2023-6705 [ 135 ] CVE-2023-6706 https://nvd.nist.gov/vuln/detail/CVE-2023-6706 [ 136 ] CVE-2023-6707 https://nvd.nist.gov/vuln/detail/CVE-2023-6707 [ 137 ] CVE-2023-7024 https://nvd.nist.gov/vuln/detail/CVE-2023-7024 [ 138 ] CVE-2024-0222 https://nvd.nist.gov/vuln/detail/CVE-2024-0222 [ 139 ] CVE-2024-0223 https://nvd.nist.gov/vuln/detail/CVE-2024-0223 [ 140 ] CVE-2024-0224 https://nvd.nist.gov/vuln/detail/CVE-2024-0224 [ 141 ] CVE-2024-0225 https://nvd.nist.gov/vuln/detail/CVE-2024-0225 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202401-34 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5