[ GLSA 202004-09 ] Chromium, Google Chrome

[GLSA]

Gentoo Linux Security Advisory

Title: Chromium, Google Chrome: Multiple vulnerabilities (GLSA 202004-09)
Severity: normal
Exploitable: remote
Date: 2020-04-10
Bug(s): #715720, #716612
ID: 202004-09

Synopsis

Multiple vulnerabilities have been found in Chromium and Google
Chrome, the worst of which could allow remote attackers to execute
arbitrary code.


Background

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices.


Affected Packages

Package: www-client/chromium
Vulnerable: < 81.0.4044.92
Unaffected: >= 81.0.4044.92
Architectures: All supported architectures

Package: www-client/google-chrome
Vulnerable: < 81.0.4044.92
Unaffected: >= 81.0.4044.92
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Chromium and Google
Chrome. Please review the referenced CVE identifiers for details.


Impact

A remote attacker could entice a user to open a specially crafted HTML
or multimedia file using Chromium or Google Chrome, possibly resulting in
execution of arbitrary code with the privileges of the process or a
Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version: