Alert GCSA-17032 - Vulnerabilita' multiple in Google Chrome
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
*****************************************************************
Alert ID : GCSA-17032
Data : 07 Giugno 2017
Titolo : Vulnerabilita' multiple in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome che risolve
alcune vulnerabilita' presenti del software.
Per una descrizione completa delle vulnerabilita' si rimanda alla
sezione 'Riferimenti'.
:: Software interessato
Google Chrome versioni precedenti alla 59.0.3071.86 per Windows e Mac e
per Linux
:: Impatto
Esecuzione remota di codice arbitrario
Bypass di restrizioni di sicurezza
Controllo completo della macchina affetta
Accesso utente da remoto
Spoofing di URL
:: Soluzioni
Aggiornare Google Chrome all'ultima versione
L'aggiornamento sara' automatico per tutte le installazioni in cui non
sia stato disattivata l'opzione 'aggiornamento automatico'.
Per l'installazione manuale scaricare il software dal sito ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
http://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
US-CERT
https://www.us-cert.gov/ncas/current-activity/2017/06/06/Google-Releases-Security-Updates-Chrome
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5086
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlk4JvYACgkQwZxMk2USYELfyACgpKjhqskM/QcPFYTl5nq1RTYq
puUAoKtyLliWR2OpXDcwLsDWdIoeMmUU
=WZWa
-----END PGP SIGNATURE-----
Hash: SHA1
*****************************************************************
Alert ID : GCSA-17032
Data : 07 Giugno 2017
Titolo : Vulnerabilita' multiple in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome che risolve
alcune vulnerabilita' presenti del software.
Per una descrizione completa delle vulnerabilita' si rimanda alla
sezione 'Riferimenti'.
:: Software interessato
Google Chrome versioni precedenti alla 59.0.3071.86 per Windows e Mac e
per Linux
:: Impatto
Esecuzione remota di codice arbitrario
Bypass di restrizioni di sicurezza
Controllo completo della macchina affetta
Accesso utente da remoto
Spoofing di URL
:: Soluzioni
Aggiornare Google Chrome all'ultima versione
L'aggiornamento sara' automatico per tutte le installazioni in cui non
sia stato disattivata l'opzione 'aggiornamento automatico'.
Per l'installazione manuale scaricare il software dal sito ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
http://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html
US-CERT
https://www.us-cert.gov/ncas/current-activity/2017/06/06/Google-Releases-Security-Updates-Chrome
Mitre CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5086
GARR CERT Newsletter subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlk4JvYACgkQwZxMk2USYELfyACgpKjhqskM/QcPFYTl5nq1RTYq
puUAoKtyLliWR2OpXDcwLsDWdIoeMmUU
=WZWa
-----END PGP SIGNATURE-----