Headline
Debian Security Advisory 5328-1
Debian Linux Security Advisory 5328-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5328-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffJanuary 26, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2023-0471 CVE-2023-0472 CVE-2023-0473 CVE-2023-0474Debian Bug : 1011346Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bullseye), these problems have been fixed inversion 109.0.5414.119-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPSxfAACgkQEMKTtsN8TjZlkQ/+PGr18MyY4Su8U78MrneB965DP5Q/faHnU/AIERZ99dkb9XkuKR7icqaUh3AdyK7fN1wz/cG/sAFa2MoFsL/tcGS0SmpZsNRdbQy6mbpYO/5yQrqW2+msvpmT/uNMCpMn9+8K2L0+yuuDCkL9KhuHZRg3UrN8T3xfkU2rebxRslvQixy9a5M8cQ+wAP4TrsKiyIRaBBrJNPE4BjKGOFYQmZn9Ov8iRMaApXgSzO7RV9ocMKbtWz5n7m6cTfpq4vOuLkugnYa/J3Xn5PozT1O8qTcru3i6CFOow/v/YEHjw2DYd42NmA+Ojon0nBPPwShPbZndJrNvloeYyrcHHf7Em330b71gtip3ri9QfenPAaJgfdJ4mIpdyDJ/rZiH4oNbkilZrlgLM4Sw/JUh2jQ8tDK2udVWyH10uYS3teGDSq/EIU3ZInKGzlez7j7ZzQuAgwTwHwwlezD4Ppr02Zuu5lvVvOSfkjE5IQnyUNb/VWGd28oN6PKq4OgMYAOPVJFPy6dvs+YR2zCJKkZBCtfeJM8lO8Ncq/gs80SKtWDibmD/lRVbVotoGoNCebFVPeoeNXgWjGb3WC6PLDBoLc/GCxqFPoNxU8y1gKi5SdcMEqLTUIjH1f8BX28c9ZZmWgpZdctavsRH5mdRgsz6kb78bWbMQYqj1sVPPufZjOF5AfQ==PFa0-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice 5881-1 - It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app.
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)