Ubuntu Security Notice USN-5949-1
Ubuntu Security Notice 5949-1 - It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-5949-1
March 13, 2023

chromium-browser vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Chromium.

Software Description:

- chromium-browser: Chromium web browser, open-source version of Chrome

Details:

It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219, CVE-2023-1220, CVE-2023-1222)

It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0933)

It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928, CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218)

It was discovered that Chromium did not correctly distinguish data types in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215, CVE-2023-1235)

It was discovered that Chromium insufficiently enforced policies. An attacker could possibly use this issue to bypass navigation restrictions. (CVE-2023-1221, CVE-2023-1224)

It was discovered that Chromium insufficiently enforced policies in Web Payments API. A remote attacker could possibly use this issue to bypass content security policy via a crafted HTML page. (CVE-2023-1226)

It was discovered that Chromium contained an inappropriate implementation in the Permission prompts component. A remote attacker could possibly use this issue to bypass navigation restrictions via a crafted HTML page. (CVE-2023-1229)

It was discovered that Chromium insufficiently enforced policies in Resource Timing component. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233)

It was discovered that Chromium contained an inappropriate implementation in the Internals component. A remote attacker could possibly use this issue to spoof the origin of an iframe via a crafted HTML page. (CVE-2023-1236)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  chromium-browser 111.0.5563.64-0ubuntu0.18.04.5

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-5949-1
  CVE-2023-0928, CVE-2023-0929, CVE-2023-0930, CVE-2023-0931, CVE-2023-0933, CVE-2023-0941, CVE-2023-1213, CVE-2023-1214, CVE-2023-1215, CVE-2023-1216, CVE-2023-1218, CVE-2023-1219, CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1224, CVE-2023-1226, CVE-2023-1229, CVE-2023-1232, CVE-2023-1233, CVE-2023-1235, CVE-2023-1236

Package Information:

  https://launchpad.net/ubuntu/+source/chromium-browser/111.0.5563.64-0ubuntu0.18.04.5
Related news
Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
Debian Linux Security Advisory 5371-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)
Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Debian Linux Security Advisory 5359-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)