Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5479-1

Debian Linux Security Advisory 5479-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Packet Storm
#linux#debian#dos#chrome

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-5479-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 17, 2023 https://www.debian.org/security/faq


Package : chromium
CVE ID : CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351
CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355
CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363
CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367
CVE-2023-4368

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the oldstable distribution (bullseye), these problems have been fixed
in version 116.0.5845.96-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 116.0.5845.96-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTecqYACgkQEMKTtsN8
TjZtRhAAuk2RpKtwhNgTv0PRgzA31HSDvKQM3qRdCv42rXVByAjb+sZefppVKDm/
wS75aMDtXrQeW743pZsPDWrZntt13Xg1z9ydXJJmkaZJC1ajlmX51RMvDURM6V7y
BzbcV9K41M4qr9ZSEA5e8xgxB9nB679Ut78UgHvGNux2DmexiFSa8ktnkBklfQ5S
6qjO8MpT+dAie/k5MGHZGYE4tTl6VJ+X6fimCCDs/WNWzzXeRBJKhxadSw3uQ+gc
B3F/SxgWCHLQx25ROnsnY1+AVC9Wx4iCpaBgkXw+HhIKTaSie0/Q4MQfk3ke2rTQ
I9WpJH93e18JwvPD4ZcoGLJ3znYYsYmMv0Sf1ykcDGK/Wk7m3IZUoWrYTnPcxhEz
6ozXxdVM7Y5t15LCPPLdcjq8tN4Ubsnu+8w1eVJ0ZOuuPnQ6SyydC6ZLVrcQ8dt2
OgZTmeSAWEl4wtaBOmfigEtj6RhqdfDTba+5rY9VjYqSEmjwOZQ1U+YCqTzJIyUH
wPcOjq/dtGLTjbgvkMKntpkRvO4/wChd41MmuSPIh4wPxgfdzeqKXzGtSsOL8tzB
b16G0UDTqiTO3kCkikJZyqiQIPJH+zTgrnx541egN8yyKpA0pjTRQLR/VzDR8hRP
edkKKwzknuwMOTJiiUKWLPcJMr3jOyyjbhToHOyo92JB5VMvCJU=lmp7
-----END PGP SIGNATURE-----

Related news

Gentoo Linux Security Advisory 202401-34

Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]

Chrome Read-Only Property Overwrite

Chrome suffers from a read-only property overwrite in TurboFan.

Google Fixes Serious Security Flaws in Chrome and Android

Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.

CVE-2023-4356

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4358

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-2312: Stable Channel Update for Desktop

Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution