Headline
Debian Security Advisory 5420-1
Debian Linux Security Advisory 5420-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5420-1 [email protected]://www.debian.org/security/ Moritz MuehlenhoffJune 07, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : chromiumCVE ID : CVE-2023-3079Multiple security issues were discovered in Chromium, whichcould result in the execution of arbitrary code, denial of serviceor information disclosure.For the stable distribution (bullseye), this problem has been fixed inversion 114.0.5735.106-1~deb11u1.For the upcoming stable distribution (bookworm), these problems havebeen fixed in version 114.0.5735.106-1~deb12u1We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSAuzkACgkQEMKTtsN8TjYkHw//YSLfIYssjDXV6CkcW1SO+qGwPwB8/57wUJEpA8x73DjUhbUgatpbyuaKHWYX7knrTT7PG1nHgRaBWkWp+TFfpjsOEo/C6guIgwkYQ6GPLePLJe7RwWI2NxzH+o9GgqZhzJ34BC7YQd2FWKGe59cYE26TAqk8R7rSTi9PnPtZqO5Y7BlKo8g8WjJhIYLG8N58zFKxDQxt6XKwkKVJIIbImAb5qOGpThSB05vuan36EyX8UZWHoj5ao+z1gUL9HbSkznfEZUYpHIOf2VNcrI3DCrxJejESmtWaeL8XPC7PlVEgfOZoFIvdMo9ZY6hLUOGe1uWeozTSBELyRvvXdWRiSlmY1W4AysD5/3cOppCbyR+eixUgUMhCLNcYs8gHut/MFILMYMAlegDScNp3r4kZBSjyXX+ftEoagBSSHw0AFXswj8wb5adbalrWybH8Ky44BT2G3cd5tk1GAn/hh3WMoq+lOmB498UmTSuQe9PV+4FRdbYSPlIBotnmAQcASLeJLutlO2qjqf1DTO+mRA0MciIzoIsPjNNI9LxnWoPuMhsZb4KhuxJUfpSDWVoHDbqc7cTpzRTgJ0UnuTbNNUK6puDHhb3427u1T+tsAw0jEeYpg/0PhhRZfptz4RF9iFFFokKvpBdFOlAo643XD6yFCQjKfMDyJ5xdmUu2Ce1r2fw==HC9u-----END PGP SIGNATURE-----Related news
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by
Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier CVE-2023-7024, has been described as a heap-based buffer overflow bug in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément
Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group (TAG) have been
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser
YouTube released a statement that “we will stop removing content that advances false claims that widespread fraud, errors, or glitches occurred in the 2020 and other past US Presidential elections.”
Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: V8 Tags: heap corruption Tags: type confusion Tags: CVE-2023-3079 Google has released a Chrome update for a zero-day for which an exploit is actively being used in the wild. (Read more...) The post Update Chrome now! Google patches actively exploited zero-day appeared first on Malwarebytes Labs.
Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)