GLSA Advocate
Posted: Tue Aug 25, 2020 2:26 pm
Post subject: [ GLSA 202008-10 ] Chromium, Google Chrome
Gentoo Linux Security Advisory
Title: Chromium, Google Chrome: Heap buffer overflow (GLSA 202008-10)
Severity: normal
Exploitable: remote
Date: 2020-08-25
Bug(s): #737942
ID: 202008-10
Synopsis
A vulnerability has been found in Chromium and Google Chrome that could
allow a remote attacker to execute arbitrary code.
Background
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices.
Affected Packages
Package: www-client/chromium
Vulnerable: < 84.0.4147.135
Unaffected: >= 84.0.4147.135
Architectures: All supported architectures
Package: www-client/google-chrome
Vulnerable: < 84.0.4147.135
Unaffected: >= 84.0.4147.135
Architectures: All supported architectures
Description
A buffer overflow has been discovered in Chromium and Google Chrome’s
SwiftShader component.
Impact
A remote attacker, by enticing a user to visit a specially crafted
website, could execute arbitrary code with the privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-84.0.4147.135"
All Google Chrome users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-84.0.4147.135"
References
CVE-2020-6556
Upstream advisory
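To confirm the upgrade took effect across hosts, the following added example (not part of the advisory or of Gentoo's tooling) compares installed versions against the fixed version listed under Affected Packages. It assumes input lines in the `category/package-version` form that `qlist -Iv` prints; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed versions below the advisory's fixed version.
FIXED="84.0.4147.135"   # "Unaffected: >=" value from the advisory

# version_lt A B: succeed when dotted version A sorts strictly before B.
# sort -V (GNU coreutils) compares fields numerically, so .89 < .135.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_line ATOM: print a verdict for the two packages the advisory lists.
# The [0-9] after the name keeps google-chrome-beta and similar packages out.
audit_line() {
    case "$1" in
        www-client/chromium-[0-9]*)      name="www-client/chromium" ;;
        www-client/google-chrome-[0-9]*) name="www-client/google-chrome" ;;
        *) return 0 ;;   # package not covered by this advisory
    esac
    ver="${1#"$name"-}"                                       # drop "category/package-"
    ver="$(printf '%s\n' "$ver" | sed 's/-r[0-9][0-9]*$//')"  # drop Gentoo -rN revision
    if version_lt "$ver" "$FIXED"; then
        echo "VULNERABLE $name $ver"
    else
        echo "OK $name $ver"
    fi
}

# audit: read one package atom per line on stdin.
audit() {
    while IFS= read -r atom; do audit_line "$atom"; done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
www-client/chromium-84.0.4147.89
www-client/google-chrome-84.0.4147.135-r1
www-client/google-chrome-beta-85.0.4183.69
www-client/firefox-79.0
EOF
}

sample_inventory | audit
```

On a Gentoo host with portage-utils installed, `qlist -Iv www-client/ | audit` feeds the real inventory through the same check.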