Chromium, Google Chrome: Multiple vulnerabilities



  • When is stable channel receiving the necessary Chromium version bump? (>= 65.0.3325.146)

    
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory                           GLSA 201803-05
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                               https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
     Severity: Normal
        Title: Chromium, Google Chrome: Multiple vulnerabilities
         Date: March 13, 2018
         Bugs: #649800
           ID: 201803-05
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    Synopsis
    ========
    
    Multiple vulnerabilities have been found in Chromium and Google Chrome,
    the worst of which could result in the execution of arbitrary code.
    
    Background
    ==========
    
    Chromium is an open-source browser project that aims to build a safer,
    faster, and more stable way for all users to experience the web.
    
    Google Chrome is one fast, simple, and secure browser for all your
    devices.
    
    Affected packages
    =================
    
        -------------------------------------------------------------------
         Package              /     Vulnerable     /            Unaffected
        -------------------------------------------------------------------
      1  www-client/chromium      < 65.0.3325.146        >= 65.0.3325.146 
      2  www-client/google-chrome
                                  < 65.0.3325.146        >= 65.0.3325.146 
        -------------------------------------------------------------------
         2 affected packages
    
    Description
    ===========
    
    Multiple vulnerabilities have been discovered in Chromium and Google
    Chrome. Please review the referenced CVE identifiers and Google Chrome
    Releases for details.
    
    Impact
    ======
    
    A remote attacker could possibly execute arbitrary code with the
    privileges of the process, cause a Denial of Service condition, bypass
    content security controls, or conduct URL spoofing.
    
    Workaround
    ==========
    
    There is no known workaround at this time.
    
    Resolution
    ==========
    
    All Chromium users should upgrade to the latest version:
    
      # emerge --sync
      # emerge --ask --oneshot -v ">=www-client/chromium-65.0.3325.146"
    
    All Google Chrome users should upgrade to the latest version:
    
      # emerge --sync
      # emerge -a --oneshot -v ">=www-client/google-chrome-65.0.3325.146"
    
    References
    ==========
    
    [  1 ] CVE-2018-6057
           https://nvd.nist.gov/vuln/detail/CVE-2018-6057
    [  2 ] CVE-2018-6058
           https://nvd.nist.gov/vuln/detail/CVE-2018-6058
    [  3 ] CVE-2018-6059
           https://nvd.nist.gov/vuln/detail/CVE-2018-6059
    [  4 ] CVE-2018-6060
           https://nvd.nist.gov/vuln/detail/CVE-2018-6060
    [  5 ] CVE-2018-6061
           https://nvd.nist.gov/vuln/detail/CVE-2018-6061
    [  6 ] CVE-2018-6062
           https://nvd.nist.gov/vuln/detail/CVE-2018-6062
    [  7 ] CVE-2018-6063
           https://nvd.nist.gov/vuln/detail/CVE-2018-6063
    [  8 ] CVE-2018-6064
           https://nvd.nist.gov/vuln/detail/CVE-2018-6064
    [  9 ] CVE-2018-6065
           https://nvd.nist.gov/vuln/detail/CVE-2018-6065
    [ 10 ] CVE-2018-6066
           https://nvd.nist.gov/vuln/detail/CVE-2018-6066
    [ 11 ] CVE-2018-6067
           https://nvd.nist.gov/vuln/detail/CVE-2018-6067
    [ 12 ] CVE-2018-6068
           https://nvd.nist.gov/vuln/detail/CVE-2018-6068
    [ 13 ] CVE-2018-6069
           https://nvd.nist.gov/vuln/detail/CVE-2018-6069
    [ 14 ] CVE-2018-6070
           https://nvd.nist.gov/vuln/detail/CVE-2018-6070
    [ 15 ] CVE-2018-6071
           https://nvd.nist.gov/vuln/detail/CVE-2018-6071
    [ 16 ] CVE-2018-6072
           https://nvd.nist.gov/vuln/detail/CVE-2018-6072
    [ 17 ] CVE-2018-6073
           https://nvd.nist.gov/vuln/detail/CVE-2018-6073
    [ 18 ] CVE-2018-6074
           https://nvd.nist.gov/vuln/detail/CVE-2018-6074
    [ 19 ] CVE-2018-6075
           https://nvd.nist.gov/vuln/detail/CVE-2018-6075
    [ 20 ] CVE-2018-6076
           https://nvd.nist.gov/vuln/detail/CVE-2018-6076
    [ 21 ] CVE-2018-6077
           https://nvd.nist.gov/vuln/detail/CVE-2018-6077
    [ 22 ] CVE-2018-6078
           https://nvd.nist.gov/vuln/detail/CVE-2018-6078
    [ 23 ] CVE-2018-6079
           https://nvd.nist.gov/vuln/detail/CVE-2018-6079
    [ 24 ] CVE-2018-6080
           https://nvd.nist.gov/vuln/detail/CVE-2018-6080
    [ 25 ] CVE-2018-6081
           https://nvd.nist.gov/vuln/detail/CVE-2018-6081
    [ 26 ] CVE-2018-6082
           https://nvd.nist.gov/vuln/detail/CVE-2018-6082
    [ 27 ] CVE-2018-6083
           https://nvd.nist.gov/vuln/detail/CVE-2018-6083
    [ 28 ] Google Chrome Release 20180306
           https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
    
    Availability
    ============
    
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    
     https://security.gentoo.org/glsa/201803-05
    
    Concerns?
    =========
    
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.
    
    License
    =======
    
    Copyright 2018 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
    
    https://creativecommons.org/licenses/by-sa/2.5
    
    
    


  • @paludis I would like to think based on this:

    @ayespy said in Bookmarks added to main menu – Vivaldi Browser Snapshot 1.15.1111.3:

    @saudiqbal The developers are trying to slay some pretty gnarly regressions. There will not be an update until these are sorted.

    That they're in the process of integrating it now and it will be in the next snapshot when it is ready.



  • Personally I think security issues in the stable channel should receive priority over any other development, but well, maybe that is just me..


 
