Alert GCSA-20106 - Vulnerabilita' in Google Chrome
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-20106
Data: 20 Novembre 2020
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve vulnerabilita' che potrebbero essere sfruttate
per consentire ottenere il controllo di un sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 87.0.4280.66 per Windows e
Linux, e alla 87.0.4280.67 per Mac
:: Impatto
Remote Code Execution
Security Restriction Bypass
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/11/19/google-releases-security-updates-chrome
CIS Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2020-154/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX7eVOAAKCRDBnEyTZRJg
Ql2cAKCoGT1mEj6OMxYZil8Hfo/381uX4wCgz+s1l5sxGjJPfXxvpqO8BnqCvWA=
=oHrP
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-20106
Data: 20 Novembre 2020
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve vulnerabilita' che potrebbero essere sfruttate
per consentire ottenere il controllo di un sistema che ne sia affetto.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 87.0.4280.66 per Windows e
Linux, e alla 87.0.4280.67 per Mac
:: Impatto
Remote Code Execution
Security Restriction Bypass
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_11.html
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/11/19/google-releases-security-updates-chrome
CIS Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2020-154/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16036
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX7eVOAAKCRDBnEyTZRJg
Ql2cAKCoGT1mEj6OMxYZil8Hfo/381uX4wCgz+s1l5sxGjJPfXxvpqO8BnqCvWA=
=oHrP
-----END PGP SIGNATURE-----