Headline
Debian Security Advisory 5317-1
Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5317-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffJanuary 13, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2023-0141 CVE-2023-0140 CVE-2023-0139 CVE-2023-0138 CVE-2023-0137 CVE-2023-0136 CVE-2023-0135 CVE-2023-0134 CVE-2023-0133 CVE-2023-0132 CVE-2023-0131 CVE-2023-0130 CVE-2023-0129 CVE-2023-0128Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), this problem has been fixed inversion 109.0.5414.74-2~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPBrfQACgkQEMKTtsN8TjbGjQ/+KfI0HcNDER9opW3i/NGsUubDFjtGSH2Bdh0I7CG0MFYo9jWbkskq9F/KjYHgJLTqXEZ7ZUiE/xUYDg20Ad8y1eJ8vZC4dlNaPX1SakdvAPC5HEgPFNjEO60i4SU/9y7+ujHIuuZiX7N7ATXUG7VRBTOCIFRraMzQ7iIFp3XlNPlPhW5T0XHkf+8oCl3ncFE/JCsEL22juORB93/Ws0MD7sc+Zn2F9HtIEc8PFe1PWs9xYqrT3YZXhI6jq77dcJBHzKzehWSOaDwmRWZ/PXjO5z4vM8rpcDOKQaAW55SAszu2BPNRHCph0OEibcg3Tul/sOKcnjAG2UwKf1dVDEwUf6tcvk1/pIdkpVVurH0AHUU86qlLAimDNwIIyNwpxGACaa9d81GjwPp/pR0CcC38ttJaqCQMEf68F65dy/8GFBab/HrB8lDEB2tL/dWCFzWehcfntcr+mVsxktB8mY0FJWC6JIoQPJA3BALmH95duUmDYlcIYsjPipiFj74+IAUijIgVeyCCl/6jJ1TWQSlHuMnMJIVzzGEDH3DGXiLaE2ZRDHap8y/IBbDXeHRZ8YQ1CwBSaTeyHrp7zBPL2iu4LsJzT6c7zijvJClJGHkzhBbUlDyPc4G1ew20p4BnOBTOiDa4Vxyg8NnCREPjHW7oR2S7FhraDjAK/8g4t87cUy8==11U3-----END PGP SIGNATURE-----Related news
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239118 This month I decided to change the format a bit. Now I share my impression of Microsoft Patch Tuesday on the same Patch Tuesday day […]
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)