Debian Security Advisory 5440-1
Debian Linux Security Advisory 5440-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-------------------------------------------------------------------------
Debian Security Advisory DSA-5440-1                      [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
June 28, 2023                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2023-3420 CVE-2023-3421 CVE-2023-3422

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the oldstable distribution (bullseye), these problems have been fixed
in version 114.0.5735.198-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 114.0.5735.198-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.
Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as CVE-2023-43641 (CVSS score: 8.8), the issue is described as a case of memory corruption in libcue, a library designed for parsing cue sheet files. It impacts versions 2.2.1 and prior. libcue is incorporated into
Two notable vulnerabilities in Google Chrome should be patched ASAP, and an allegedly new ransomware-as-a-service group.
Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.
Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)