Alert GCSA-21001 - Vulnerabilita' in Google Chrome
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21001
Data: 08 Gennaio 2021
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve numerose vulnerabilita' che potrebbero essere
sfruttate per consentire ottenere il controllo di un sistema che ne sia
affetto.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 87.0.4280.141 per Windows e
Linux e Mac.
:: Impatto
Remote Code Execution
Security Restriction Bypass
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/01/07/google-releases-security-updates-chrome
CIS Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-004/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21116
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX/g32AAKCRDBnEyTZRJg
QswgAKC0/C94U3Qgk3sqQLlqHv9EUkUqxwCgwLPTyc/Y/bhSOHtyZ+oRfEStRBs=
=nAtb
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-21001
Data: 08 Gennaio 2021
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve numerose vulnerabilita' che potrebbero essere
sfruttate per consentire ottenere il controllo di un sistema che ne sia
affetto.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 87.0.4280.141 per Windows e
Linux e Mac.
:: Impatto
Remote Code Execution
Security Restriction Bypass
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/01/07/google-releases-security-updates-chrome
CIS Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2021-004/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21106
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21114
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21116
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX/g32AAKCRDBnEyTZRJg
QswgAKC0/C94U3Qgk3sqQLlqHv9EUkUqxwCgwLPTyc/Y/bhSOHtyZ+oRfEStRBs=
=nAtb
-----END PGP SIGNATURE-----