Alert GCSA-22040 - Aggiornamento per Google Chrome (Major Security Update)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22040
Data: 31 Marzo 2022
Titolo: Aggiornamento per Google Chrome (Major Security Update)
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve 28 vulnerabilita', di cui 9 gravi,
che potrebbero essere sfruttate da un attaccante remoto per
eseguire codice arbitrario su un sistema target.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 100.0.4896.60
per Windows, Mac e Linux
:: Impatto
Remote Code Execution
Privilege escalation
Esposizione dati sensibili
Compromissione di un sistema
:: Soluzioni
Aggiornare Google Chrome alla versione indicata.
L'aggiornamento sara' automatico per tutte le installazioni in cui non sia
stata disattivata l'opzione "aggiornamento automatico".
Per l'installazione manuale scaricare il software dal sito ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2022-042
SecurityWeek
https://www.securityweek.com/chrome-browser-gets-major-security-update
RedPacketSecurity
https://www.redpacketsecurity.com/update-now-google-launches-chrome-version-100-and-fixes-28-vulnerabilities/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1146
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAmJFb7MACgkQwZxMk2USYELocQCgj/stvH1BdXbjUy1hsi1dm/t4
+SoAoKHwANa6Vm5e4eOCulEF1zE2A9yp
=Hgzi
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-22040
Data: 31 Marzo 2022
Titolo: Aggiornamento per Google Chrome (Major Security Update)
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve 28 vulnerabilita', di cui 9 gravi,
che potrebbero essere sfruttate da un attaccante remoto per
eseguire codice arbitrario su un sistema target.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 100.0.4896.60
per Windows, Mac e Linux
:: Impatto
Remote Code Execution
Privilege escalation
Esposizione dati sensibili
Compromissione di un sistema
:: Soluzioni
Aggiornare Google Chrome alla versione indicata.
L'aggiornamento sara' automatico per tutte le installazioni in cui non sia
stata disattivata l'opzione "aggiornamento automatico".
Per l'installazione manuale scaricare il software dal sito ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2022-042
SecurityWeek
https://www.securityweek.com/chrome-browser-gets-major-security-update
RedPacketSecurity
https://www.redpacketsecurity.com/update-now-google-launches-chrome-version-100-and-fixes-28-vulnerabilities/
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1125
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1128
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1132
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1133
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1134
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1135
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1136
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1139
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1141
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1144
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1146
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAmJFb7MACgkQwZxMk2USYELocQCgj/stvH1BdXbjUy1hsi1dm/t4
+SoAoKHwANa6Vm5e4eOCulEF1zE2A9yp
=Hgzi
-----END PGP SIGNATURE-----