Headline
Debian Security Advisory 5377-1
Debian Linux Security Advisory 5377-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5377-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffMarch 23, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534Debian Bug : 1015367 1033015 1033223Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 111.0.5563.110-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQcr7UACgkQEMKTtsN8TjbuARAAlS9yYt7wuAEDkYwDu/aDYURZpuzfRsXQAkH1lANruzc/RWXYZOCnpXC+3C3khe5QvqHkv30n6P2gQi5MEnT1HUnxRkhdXdcf3m+W5lJ0RHSmIntUK1CUXXj52mQ5w3GsGan/gfiYJhrVwOTx6/eKNjt5hv6qXd6ku0rEY/J1SOms83a5WnxxJxoeIMKMqqCXJ4MOEEk+F8qGVgrRV+IJjOmvcUAWgeRcZE28xWlv8dVCd3ouzLPE6TH53mwkQXFXiJ6rn3oiIPvu8m/8zLy1wnHbjn1GRDnNd8d7TdQVX5acmDfw/l1SYILvHXNVMlvq6Rg6+rmo/8RmSU7Bhv4bY7DZ0dRZIjqfFflIjYpaCqbBZavy6+gqrzfLcHukE4WzwpI4dejlgPYP/hYqtR0RVeOFHbecukj8LzRJL/bdjOx+lZz/yzn1i+uIekOvk8i41M3tcoGOT0u0xzgWeyqj+nZpBeCRuLCcqUgSaCP6ywAM/gd7kDqwvy1XMj4tp/MV406Byt6Puog2YzgFmD1bz1EpptSODva/sWf755bCBzR63hVsmtzek3KJi0GkSvzfJe5euppnqfV2Et3rxYuaMQv98UUNV56GaJv8b5y5W/q8ujUXKZOrU6sQJobO7UT0vN4D0EHYTvTsCoSri4fv7VIjAhJmiepzpggx+if/xxY~jM-----END PGP SIGNATURE-----Related news
Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
TALOS-2023-1724 (CVE-2023-1531) occurs if the user opens a specially crafted web page in Chrome.
Ubuntu Security Notice 6021-1 - It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code.
Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)