Alert GCSA-19123 - Vulnerabilita' in Google Chrome
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-19123
Data: 13 Dicembre 2019
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve 51 bug di sicurezza, di cui due critici e 8 di
gravita' elevata.
Queste vulnerabilita' possono essere sfruttate se un utente viene
indotto a visitare o viene reindirizzato su una pagina Web appositamente
predisposta. Lo sfruttamente di queste vulnerabilita' consente di
eseguire codice arbitrario nel browser, ottenere informazioni sensibili,
aggirare restrizioni di sicurezza o causare Denial of Service.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 79.0.3945.79 per Windows, Mac e Linux
:: Impatto
Denial of Service
Remote Code Execution
Security Restriction Bypass
Information Disclosure
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
CERT-PA
https://www.cert-pa.it/notizie/rilascio-aggiornamenti-di-sicurezza-microsoft-adobe-e-chrome-dicembre-2019/
CERT Nazionale
https://www.certnazionale.it/news/2019/12/11/google-risolve-diverse-vulnerabilita-in-chrome-79/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2019/12/10/google-releases-security-updates-chrome
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCXfOBWQAKCRDBnEyTZRJg
Qu1pAJ9Wgo4rlZgQX1l5onMCPPvfd/BCFgCeJaHqAvi8G5r1jAh/yqNwo9FYjIA=
=3/Cs
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-19123
Data: 13 Dicembre 2019
Titolo: Vulnerabilita' in Google Chrome
******************************************************************
:: Descrizione del problema
Google ha rilasciato una nuova versione del browser Chrome
con la quale risolve 51 bug di sicurezza, di cui due critici e 8 di
gravita' elevata.
Queste vulnerabilita' possono essere sfruttate se un utente viene
indotto a visitare o viene reindirizzato su una pagina Web appositamente
predisposta. Lo sfruttamente di queste vulnerabilita' consente di
eseguire codice arbitrario nel browser, ottenere informazioni sensibili,
aggirare restrizioni di sicurezza o causare Denial of Service.
Per una descrizione completa delle vulnerabilita'
consultare i link alla sezione "Riferimenti".
:: Software interessato
Google Chrome versioni precedenti alla 79.0.3945.79 per Windows, Mac e Linux
:: Impatto
Denial of Service
Remote Code Execution
Security Restriction Bypass
Information Disclosure
:: Soluzioni
Aggiornare Google Chrome alla versione piu' recente
L'aggiornamento sara' automatico per tutte le installazioni
in cui non sia stato disattivata l'opzione "aggiornamento
automatico".
Per l'installazione manuale scaricare il software dal sito
ufficiale:
http://www.google.com/chrome/?hl=it
:: Riferimenti
Google Chrome Advisory
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
CERT-PA
https://www.cert-pa.it/notizie/rilascio-aggiornamenti-di-sicurezza-microsoft-adobe-e-chrome-dicembre-2019/
CERT Nazionale
https://www.certnazionale.it/news/2019/12/11/google-risolve-diverse-vulnerabilita-in-chrome-79/
US-CERT
https://www.us-cert.gov/ncas/current-activity/2019/12/10/google-releases-security-updates-chrome
Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCXfOBWQAKCRDBnEyTZRJg
Qu1pAJ9Wgo4rlZgQX1l5onMCPPvfd/BCFgCeJaHqAvi8G5r1jAh/yqNwo9FYjIA=
=3/Cs
-----END PGP SIGNATURE-----