Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202305-10

Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.

Packet Storm
#vulnerability#web#mac#google#microsoft#linux#rce#chrome

Gentoo Linux Security Advisory GLSA 202305-10


                                       https://security.gentoo.org/  

Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: May 03, 2023
Bugs: #876855, #878825, #883031, #883697, #885851, #890726, #886479, #890728, #891501, #891503
ID: 202305-10


Synopsis

Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.

Background

Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your
devices.

Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.

Affected packages

-------------------------------------------------------------------  
 Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  

1 www-client/chromium < 109.0.5414.74-r1>= 109.0.5414.74-r1
2 www-client/chromium-bin < 109.0.5414.74 >= 109.0.5414.74
3 www-client/google-chrome < 109.0.5414.74 >= 109.0.5414.74
4 www-client/microsoft-edge < 109.0.1518.61 >= 109.0.1518.61

Description

Multiple vulnerabilities have been discovered in Chromium, Google
Chrome, Microsoft Edge. Please review the CVE identifiers referenced
below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Chromium users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=www-client/chromium-109.0.5414.74-r1”

All Chromium binary users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=www-client/chromium-bin-109.0.5414.74”

All Google Chrome users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=www-client/google-chrome-109.0.5414.74”

All Microsoft Edge users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=www-client/microsoft-edge-109.0.1518.61”

References

[ 1 ] CVE-2022-3445
https://nvd.nist.gov/vuln/detail/CVE-2022-3445
[ 2 ] CVE-2022-3446
https://nvd.nist.gov/vuln/detail/CVE-2022-3446
[ 3 ] CVE-2022-3447
https://nvd.nist.gov/vuln/detail/CVE-2022-3447
[ 4 ] CVE-2022-3448
https://nvd.nist.gov/vuln/detail/CVE-2022-3448
[ 5 ] CVE-2022-3449
https://nvd.nist.gov/vuln/detail/CVE-2022-3449
[ 6 ] CVE-2022-3450
https://nvd.nist.gov/vuln/detail/CVE-2022-3450
[ 7 ] CVE-2022-3723
https://nvd.nist.gov/vuln/detail/CVE-2022-3723
[ 8 ] CVE-2022-4135
https://nvd.nist.gov/vuln/detail/CVE-2022-4135
[ 9 ] CVE-2022-4174
https://nvd.nist.gov/vuln/detail/CVE-2022-4174
[ 10 ] CVE-2022-4175
https://nvd.nist.gov/vuln/detail/CVE-2022-4175
[ 11 ] CVE-2022-4176
https://nvd.nist.gov/vuln/detail/CVE-2022-4176
[ 12 ] CVE-2022-4177
https://nvd.nist.gov/vuln/detail/CVE-2022-4177
[ 13 ] CVE-2022-4178
https://nvd.nist.gov/vuln/detail/CVE-2022-4178
[ 14 ] CVE-2022-4179
https://nvd.nist.gov/vuln/detail/CVE-2022-4179
[ 15 ] CVE-2022-4180
https://nvd.nist.gov/vuln/detail/CVE-2022-4180
[ 16 ] CVE-2022-4181
https://nvd.nist.gov/vuln/detail/CVE-2022-4181
[ 17 ] CVE-2022-4182
https://nvd.nist.gov/vuln/detail/CVE-2022-4182
[ 18 ] CVE-2022-4183
https://nvd.nist.gov/vuln/detail/CVE-2022-4183
[ 19 ] CVE-2022-4184
https://nvd.nist.gov/vuln/detail/CVE-2022-4184
[ 20 ] CVE-2022-4185
https://nvd.nist.gov/vuln/detail/CVE-2022-4185
[ 21 ] CVE-2022-4186
https://nvd.nist.gov/vuln/detail/CVE-2022-4186
[ 22 ] CVE-2022-4187
https://nvd.nist.gov/vuln/detail/CVE-2022-4187
[ 23 ] CVE-2022-4188
https://nvd.nist.gov/vuln/detail/CVE-2022-4188
[ 24 ] CVE-2022-4189
https://nvd.nist.gov/vuln/detail/CVE-2022-4189
[ 25 ] CVE-2022-4190
https://nvd.nist.gov/vuln/detail/CVE-2022-4190
[ 26 ] CVE-2022-4191
https://nvd.nist.gov/vuln/detail/CVE-2022-4191
[ 27 ] CVE-2022-4192
https://nvd.nist.gov/vuln/detail/CVE-2022-4192
[ 28 ] CVE-2022-4193
https://nvd.nist.gov/vuln/detail/CVE-2022-4193
[ 29 ] CVE-2022-4194
https://nvd.nist.gov/vuln/detail/CVE-2022-4194
[ 30 ] CVE-2022-4195
https://nvd.nist.gov/vuln/detail/CVE-2022-4195
[ 31 ] CVE-2022-4436
https://nvd.nist.gov/vuln/detail/CVE-2022-4436
[ 32 ] CVE-2022-4437
https://nvd.nist.gov/vuln/detail/CVE-2022-4437
[ 33 ] CVE-2022-4438
https://nvd.nist.gov/vuln/detail/CVE-2022-4438
[ 34 ] CVE-2022-4439
https://nvd.nist.gov/vuln/detail/CVE-2022-4439
[ 35 ] CVE-2022-4440
https://nvd.nist.gov/vuln/detail/CVE-2022-4440
[ 36 ] CVE-2022-41115
https://nvd.nist.gov/vuln/detail/CVE-2022-41115
[ 37 ] CVE-2022-44688
https://nvd.nist.gov/vuln/detail/CVE-2022-44688
[ 38 ] CVE-2022-44708
https://nvd.nist.gov/vuln/detail/CVE-2022-44708
[ 39 ] CVE-2023-0128
https://nvd.nist.gov/vuln/detail/CVE-2023-0128
[ 40 ] CVE-2023-0129
https://nvd.nist.gov/vuln/detail/CVE-2023-0129
[ 41 ] CVE-2023-0130
https://nvd.nist.gov/vuln/detail/CVE-2023-0130
[ 42 ] CVE-2023-0131
https://nvd.nist.gov/vuln/detail/CVE-2023-0131
[ 43 ] CVE-2023-0132
https://nvd.nist.gov/vuln/detail/CVE-2023-0132
[ 44 ] CVE-2023-0133
https://nvd.nist.gov/vuln/detail/CVE-2023-0133
[ 45 ] CVE-2023-0134
https://nvd.nist.gov/vuln/detail/CVE-2023-0134
[ 46 ] CVE-2023-0135
https://nvd.nist.gov/vuln/detail/CVE-2023-0135
[ 47 ] CVE-2023-0136
https://nvd.nist.gov/vuln/detail/CVE-2023-0136
[ 48 ] CVE-2023-0137
https://nvd.nist.gov/vuln/detail/CVE-2023-0137
[ 49 ] CVE-2023-0138
https://nvd.nist.gov/vuln/detail/CVE-2023-0138
[ 50 ] CVE-2023-0139
https://nvd.nist.gov/vuln/detail/CVE-2023-0139
[ 51 ] CVE-2023-0140
https://nvd.nist.gov/vuln/detail/CVE-2023-0140
[ 52 ] CVE-2023-0141
https://nvd.nist.gov/vuln/detail/CVE-2023-0141
[ 53 ] CVE-2023-21719
https://nvd.nist.gov/vuln/detail/CVE-2023-21719
[ 54 ] CVE-2023-21775
https://nvd.nist.gov/vuln/detail/CVE-2023-21775
[ 55 ] CVE-2023-21795
https://nvd.nist.gov/vuln/detail/CVE-2023-21795
[ 56 ] CVE-2023-21796
https://nvd.nist.gov/vuln/detail/CVE-2023-21796

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202305-10

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

Gentoo Linux Security Advisory 202311-11

Gentoo Linux Security Advisory 202311-11 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.10_p20230623 are affected.

Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com Read the original post: Google reveals spyware attack on Android, iOS, and Chrome

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

CVE-2023-22436: en/security-disclosure/2023/2023-02.md · OpenHarmony/security - Gitee.com

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.

Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239118 This month I decided to change the format a bit. Now I share my impression of Microsoft Patch Tuesday on the same Patch Tuesday day […]

Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware

Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.

CVE-2023-21719

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.

CVE-2023-21775

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.

CVE-2023-21795

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-21795

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.

CVE-2023-21796

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.

CVE-2023-21796

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-21775

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5317-1

Debian Linux Security Advisory 5317-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

CVE-2023-0128

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0135

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0133

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0132

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0141: Stable Channel Update for Desktop

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-0134

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0137

Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0138

Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-0140

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-0136

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-0130

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

Debian Security Advisory 5302-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5302-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5302-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5302-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5302-1

Debian Linux Security Advisory 5302-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

CVE-2022-4440: Stable Channel Update for Desktop

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-4439

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)

CVE-2022-4437

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2022-41115

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.

CVE-2022-44708

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5293-1

Debian Linux Security Advisory 5293-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

CVE-2022-4177

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)

CVE-2022-4187

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-4186

Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-4184

Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2022-4178

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2022-4189

Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE-2022-4175

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2022-4174

Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2022-4191

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)

CVE-2022-4192

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)

CVE-2022-4195: Stable Channel Update for Desktop

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. <!-

Debian Security Advisory 5289-1

Debian Linux Security Advisory 5289-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

GHSA-995f-9x5r-2rcj: Heap buffer overflow in GPU

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2022-4135: Stable Channel Update for Desktop

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVE-2022-3449: Stable Channel Update for Desktop

Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

CVE-2022-3446

Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2022-3447

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

CVE-2022-3448

Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2022-3445

Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

CVE-2022-3723

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

A Chrome fix for an in-the-wild exploit is out—Check your version

Categories: Exploits and vulnerabilities Categories: News Google has issued an update for Chrome to fix an issue in the V8 JavaScript engine (Read more...) The post A Chrome fix for an in-the-wild exploit is out—Check your version appeared first on Malwarebytes Labs.

Urgent: Google Issues Emergency Patch for Chrome Zero-Day

With scant details attached, Google Chrome seeks to shore up yet another exploited zero-day vulnerability.

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of

Packet Storm: Latest News

Zeek 6.0.9