Alert GCSA-20010 - Vulnerabilita' in Google Chrome
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-20010
Data: 10 Febbraio 2020
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve 56 bug di sicurezza di cui molti di livello critico.
Queste vulnerabilita' possono essere sfruttate per consentire di
eseguire codice arbitrario nel browser, o causare Denial of Service, ottenere il controllo completo di un sistema.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 80.0.3987.87 per Windows, Mac e
Linux
:: Impatto
Denial of Service
Remote Code Execution
Compromissione di un sistema
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
CERT Nazionale
https://www.certnazionale.it/news/2020/02/05/google-risolve-diverse-vulnerabilita-in-chrome-80/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/02/05/google-releases-security-updates-chrome
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6417
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCXkEWNQAKCRDBnEyTZRJg
QuRDAKCzHlEK2fjeQpJr7G/TSyPbn3+WGQCeOTA7tw7W8sLPPMrPgbC/YSyPnfo=
=CpH6
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-20010
Data: 10 Febbraio 2020
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve 56 bug di sicurezza di cui molti di livello critico.
Queste vulnerabilita' possono essere sfruttate per consentire di
eseguire codice arbitrario nel browser, o causare Denial of Service, ottenere il controllo completo di un sistema.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 80.0.3987.87 per Windows, Mac e
Linux
:: Impatto
Denial of Service
Remote Code Execution
Compromissione di un sistema
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
CERT Nazionale
https://www.certnazionale.it/news/2020/02/05/google-risolve-diverse-vulnerabilita-in-chrome-80/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/02/05/google-releases-security-updates-chrome
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6381
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6387
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6388
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6389
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6390
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6395
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6401
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6403
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6415
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6417
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCXkEWNQAKCRDBnEyTZRJg
QuRDAKCzHlEK2fjeQpJr7G/TSyPbn3+WGQCeOTA7tw7W8sLPPMrPgbC/YSyPnfo=
=CpH6
-----END PGP SIGNATURE-----