Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5371-1

Debian Linux Security Advisory 5371-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Packet Storm
#linux#debian#dos#js#chrome

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Debian Security Advisory DSA-5371-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 09, 2023 https://www.debian.org/security/faq


Package : chromium
CVE ID : CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216
CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220
CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224
CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 CVE-2023-1228
CVE-2023-1229 CVE-2023-1230 CVE-2023-1231 CVE-2023-1232
CVE-2023-1233 CVE-2023-1234 CVE-2023-1235 CVE-2023-1236

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bullseye), these problems have been fixed in
version 111.0.5563.64-1~deb11u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmQKMPAACgkQEMKTtsN8
TjYhlg/8CfPNklE4eO+wy0otR3hUK3XNeXJqOKSUFybRmZ9223lANRVwBHHTudqh
1Xi/PxnSDVHNH2hqVQZQwnIiTVPXedT8fgS50eoR0RfJjDSy79rL+oLNXbqb8F3/
jY07r1McfUUIjVzg8H/jSVN0fKQG0z53RSx9eX8jITb4r4N1Wy8DQ0XzVGFTxzuR
ao3e7kM/TW8Z/hsHSrLTJiMnqha15GGn9d8IOK5ecqEgWNIOeeDM0WQGoITuIgYq
GqEufHOhgEDbaty6kMzYWPqeVFq/7jkTwBiMTSi6Grjwb+2KroMJPQhg5jkfslpL
bXAom3Sr3lArp88cNR0g8p41G7MjbP1fq5STUxT056zKFGO+cySaxhn4ryMfcPFx
dKqXSHxDSpPjLz1qFTPZovU+x0O6HIazoa4MupAhIxlLvkcdYC2/35DrCr6098HR
X+v8psjeczukkBBzA8eIQGH07f2jWwXxSlLoNr4ClePnsk6YLvZTg0ua/snF/x5i
NmDs2tQkhHKCkLzsu1L0uyImBuiIihBNLasNUpIinjf4iLOtSrl+vsSzOipvIwaW
FL5LYoOPao4n+zBGjOQwUceQ9SJsB1hljk8YUfvgbotzwup5YCqRF6FwAXvlR9kh
Eo/izaErx3FvokrfaifufKAeOrSn+AP9LsHrm2fkuCBNXqz3Z1c=gwSp
-----END PGP SIGNATURE-----

Related news

Ubuntu Security Notice USN-5949-1

Ubuntu Security Notice 5949-1 - It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2023-1213

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1214

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1232

Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1234

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1235: Stable Channel Update for Desktop

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

CVE-2023-1236

Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1229

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution