Ubuntu Security Notice USN-5949-1

Ubuntu Security Notice 5949-1 - It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-5949-1
March 13, 2023

chromium-browser vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Chromium.

Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome

Details:

It was discovered that Chromium could be made to write out of bounds in
several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219,
CVE-2023-1220, CVE-2023-1222)

It was discovered that Chromium contained an integer overflow in the PDF
component. A remote attacker could possibly use this issue to corrupt
memory via a crafted PDF file, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0933)

It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928,
CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218)

It was discovered that Chromium did not correctly distinguish data types
in several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215,
CVE-2023-1235)

It was discovered that Chromium insufficiently enforced policies. An
attacker could possibly use this issue to bypass navigation restrictions.
(CVE-2023-1221, CVE-2023-1224)

It was discovered that Chromium insufficiently enforced policies in Web
Payments API. A remote attacker could possibly use this issue to bypass
content security policy via a crafted HTML page. (CVE-2023-1226)

It was discovered that Chromium contained an inappropriate implementation
in the Permission prompts component. A remote attacker could possibly use
this issue to bypass navigation restrictions via a crafted HTML page.
(CVE-2023-1229)

It was discovered that Chromium insufficiently enforced policies in
Resource Timing component. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233)

It was discovered that Chromium contained an inappropriate implementation
in the Internals component. A remote attacker could possibly use this
issue to spoof the origin of an iframe via a crafted HTML page.
(CVE-2023-1236)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   chromium-browser                111.0.5563.64-0ubuntu0.18.04.5

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
   https://ubuntu.com/security/notices/USN-5949-1
   CVE-2023-0928, CVE-2023-0929, CVE-2023-0930, CVE-2023-0931,
   CVE-2023-0933, CVE-2023-0941, CVE-2023-1213, CVE-2023-1214,
   CVE-2023-1215, CVE-2023-1216, CVE-2023-1218, CVE-2023-1219,
   CVE-2023-1220, CVE-2023-1221, CVE-2023-1222, CVE-2023-1224,
   CVE-2023-1226, CVE-2023-1229, CVE-2023-1232, CVE-2023-1233,
   CVE-2023-1235, CVE-2023-1236

Package Information:
https://launchpad.net/ubuntu/+source/chromium-browser/111.0.5563.64-0ubuntu0.18.04.5

Related news

Gentoo Linux Security Advisory 202309-17

Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.

Debian Security Advisory 5371-1

Debian Linux Security Advisory 5371-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

CVE-2023-1229

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1213

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1235: Stable Channel Update for Desktop

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

CVE-2023-1236

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1232

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1214

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Debian Security Advisory 5359-1

Debian Linux Security Advisory 5359-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

CVE-2023-0933

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

CVE-2023-0941

Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
