Alert GCSA-21001 - Vulnerabilita' in Google Chrome

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1




******************************************************************

Alert ID: GCSA-21001
Data: 08 Gennaio 2021
Titolo: Vulnerabilita' in Google Chrome

******************************************************************


:: Descrizione del problema

Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve numerose vulnerabilita' che potrebbero essere
sfruttate per consentire ottenere il controllo di un sistema che ne sia
affetto.

Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".


:: Software interessato

Google Chrome versioni precedenti alla 87.0.4280.141 per Windows e
Linux e Mac.


:: Impatto

Remote Code Execution
Security Restriction Bypass


:: Soluzioni

Aggiornare Google Chrome alla versione piu' recente

L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".

Per l'installazione manuale scaricare il software dal sito
ufficiale:

http://www.google.com/chrome/?hl=it


:: Riferimenti

Google Chrome Advisory
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/01/07/google-releases-security-updates-chrome

CIS Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-004/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21116




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert





-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX/g32AAKCRDBnEyTZRJg
QswgAKC0/C94U3Qgk3sqQLlqHv9EUkUqxwCgwLPTyc/Y/bhSOHtyZ+oRfEStRBs=
=nAtb
-----END PGP SIGNATURE-----