Headline
Debian Security Advisory 5491-1
Debian Linux Security Advisory 5491-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Debian Security Advisory DSA-5491-1                    [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
September 07, 2023                    https://www.debian.org/security/faq

Package : chromium
CVE ID  : CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

For the oldstable distribution (bullseye), these problems have been fixed in version 116.0.5845.180-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in version 116.0.5845.180-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
Gentoo Linux Security Advisory 202312-7 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.11_p20231120 are affected.
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the
Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)