GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Jun 20, 2018 1:26 am Post subject: [ GLSA 201806-06 ] Chromium, Google Chrome |
 |
|
Gentoo Linux Security Advisory
Title: Chromium, Google Chrome: User-assisted execution of arbitrary code (GLSA 201806-06)
Severity: normal
Exploitable: remote
Date: 2018-06-20
Bug(s): #658040
ID: 201806-06
Synopsis
A vulnerablity has been found in Chromium and Chrome that could
allow a remote attacker to execute arbitrary code.
Background
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices.
Affected Packages
Package: www-client/chromium
Vulnerable: < 67.0.3396.87
Unaffected: >= 67.0.3396.87
Architectures: All supported architectures
Package: www-client/chrome
Vulnerable: < 67.0.3396.87
Unaffected: >= 67.0.3396.87
Architectures: All supported architectures
Description
An out of bounds flaw has discovered in Chromium and Chrome’s V8
component.
Impact
A remote attacker, by enticing a user to visit a specially crafted
website, could execute arbitrary code with the privileges of the process
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=www-client/chromium-67.0.3396.87"
|
All Chrome users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chrome-67.0.3396.87"
|
References
CVE-2018-6149 |
|
News & Announcements
