Headline
Debian Security Advisory 5418-1
Debian Linux Security Advisory 5418-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5418-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
June 03, 2023 https://www.debian.org/security/faq
Package : chromium
CVE ID : CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932
CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936
CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940
CVE-2023-2941
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
For the stable distribution (bullseye), these problems have been fixed in
version 114.0.5735.90-2~deb11u1.
For the upcoming stable distribution (bookworm), these problems have
been fixed in version 114.0.5735.90-2~deb12u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmR7SQoACgkQEMKTtsN8
TjZJjxAAj/KHxjAYEEM1vGexQutPWTI4WJkxPh2Fszxv0HTa3tUuf2DqVpMvBNVr
sHgSrkSIyTAvsLZsKvM6pc+RKNqP5x6XpFBN1g/Nv4hkJYHV8flFwyA6AGPkAozm
uD3fCsIuh8ShqCTMwFF4LCA4dUIYvALA0UNQXJexB8plaiDJKaAN5GQxRCq9eYRM
bc4OqdHeISfG30M+fIOWmKE6mLkC55ksfb9WbDUtsMNHvNrJdt3ki2K9yipTmtsk
o+0MkV8cmE46hF7gC7KhbE/l9h8OLf/FHQyniEJEFNQ5L3S+bCJV0iFviO5PDjx4
sooied9tWmQeq2X/ldykapQBWxQuQ0P2LDQgOvMiC81LGWAeJ39vEHpXew/DL0zt
ACufvKSawqLR4Ckc/iNPAfFg9KECg5X0g6IwCWP/s169KibNdzm00sZ1fmw62Ewr
N8szHvii0H+7PVpPWuNPb6FZUntC3c3tUwB1w3qnOKTwbLFGzsENQK4hKJudr04t
sCQ+3S1o1Vvtxy6yhenuzuY4IhgQGGFdELhIP3Wsvg8Rmgj32VKmjPxwZz/cYjYK
KpmTs7P0+NLegzokaIGeTSWxh2buzeNYnOIJpF130xw99I1f/RsizzN3Itb/3HEx
wAeyv7DuLe3MNvk8+4WRKrn9aqcr8HPWWCBFzbqtkPv6W1ykvis=gkZS
-----END PGP SIGNATURE-----
Related news
Gentoo Linux Security Advisory 202401-34 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)