Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:ebuild/www-client/chromium@86.0.4240.193
purl pkg:ebuild/www-client/chromium@86.0.4240.193
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-cfg9-fy1r-uqg6 CVE-2020-16009: Inappropriate implementation in V8 - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009 Google is aware of reports that exploits for CVE-2020-16009 exist in the wild. Allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. There is currently little to no public information on the issue other than it has been flagged as `High` severity. CVE-2020-16009
GHSA-m7mf-48hp-5qmr
VCID-duh8-6es4-2ud5 Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. CVE-2020-16016
VCID-hvgx-m4wg-s3f4 Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. CVE-2020-16004
VCID-mpxg-4rpz-dyay Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. CVE-2020-16006
VCID-nx21-ks3v-53e4 Heap buffer overflow in CefSharp ### Impact A memory corruption bug(Heap overflow) in the FreeType font rendering library. > This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images . As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild. ### Patches Upgrade to 85.3.130 or higher ### References - https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ - https://www.zdnet.com/article/google-releases-chrome-security-update-to-patch-actively-exploited-zero-day/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15999 - https://magpcss.org/ceforum/viewtopic.php?f=10&t=17942 To review the `CEF/Chromium` patch see https://bitbucket.org/chromiumembedded/cef/commits/cd6cbe008b127990036945fb75e7c2c1594ab10d CVE-2020-15999
GHSA-pv36-h7jh-qm62
VCID-txw1-6aqq-qyhc Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. CVE-2020-16005
VCID-yhmq-3t19-fufm Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. CVE-2020-16008

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T13:10:06.272300+00:00 Gentoo Importer Fixing VCID-duh8-6es4-2ud5 https://security.gentoo.org/glsa/202011-12 38.0.0
2026-04-01T13:10:06.256716+00:00 Gentoo Importer Fixing VCID-cfg9-fy1r-uqg6 https://security.gentoo.org/glsa/202011-12 38.0.0
2026-04-01T13:10:06.241710+00:00 Gentoo Importer Fixing VCID-yhmq-3t19-fufm https://security.gentoo.org/glsa/202011-12 38.0.0
2026-04-01T13:10:06.226112+00:00 Gentoo Importer Fixing VCID-mpxg-4rpz-dyay https://security.gentoo.org/glsa/202011-12 38.0.0
2026-04-01T13:10:06.208742+00:00 Gentoo Importer Fixing VCID-txw1-6aqq-qyhc https://security.gentoo.org/glsa/202011-12 38.0.0
2026-04-01T13:10:06.190960+00:00 Gentoo Importer Fixing VCID-hvgx-m4wg-s3f4 https://security.gentoo.org/glsa/202011-12 38.0.0
2026-04-01T13:10:06.172646+00:00 Gentoo Importer Fixing VCID-nx21-ks3v-53e4 https://security.gentoo.org/glsa/202011-12 38.0.0