GLSA 202208-35: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Severity: | high |
Title: | Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities |
Date: | 08/21/2022 |
Bugs: |
|
ID: | 202208-35 |
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
Package | Vulnerable | Unaffected | Architecture(s) |
---|---|---|---|
www-client/microsoft-edge | < 104.0.1293.63 | >= 104.0.1293.63 | All supported architectures |
www-client/google-chrome | < 104.0.5112.101 | >= 104.0.5112.101 | All supported architectures |
www-client/chromium-bin | < 104.0.5112.101 | >= 104.0.5112.101 | All supported architectures |
www-client/chromium | < 104.0.5112.101 | >= 104.0.5112.101 | All supported architectures |
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
All Chromium binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
All Google Chrome users should upgrade to tha latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
All Microsoft Edge users should upgrade to tha latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
References
CVE-2022-35796 CVE-2022-33649 CVE-2022-33636 CVE-2022-2861 CVE-2022-2860 CVE-2022-2859 CVE-2022-2858 CVE-2022-2857 CVE-2022-2856 CVE-2022-2855 CVE-2022-2854 CVE-2022-2853 CVE-2022-2852 CVE-2022-2624 CVE-2022-2623 CVE-2022-2622 CVE-2022-2621 CVE-2022-2620 CVE-2022-2619 CVE-2022-2618 CVE-2022-2617 CVE-2022-2616 CVE-2022-2615 CVE-2022-2614 CVE-2022-2613 CVE-2022-2612 CVE-2022-2611 CVE-2022-2610 CVE-2022-2609 CVE-2022-2608 CVE-2022-2607 CVE-2022-2606 CVE-2022-2605 CVE-2022-2604 CVE-2022-2603 CVE-2022-2481 CVE-2022-2480 CVE-2022-2479 CVE-2022-2478 CVE-2022-2477 CVE-2022-2296 CVE-2022-2295 CVE-2022-2294 CVE-2022-2163
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.