MGASA-2023-0283

Source
https://advisories.mageia.org/MGASA-2023-0283.html
Import Source
https://advisories.mageia.org/MGASA-2023-0283.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2023-0283
Published
2023-10-03T10:53:29Z
Modified
2023-10-03T09:30:56Z
Summary
Updated chromium-browser-stable package fixes bugs and vulnerabilities
Details

The chromium-browser-stable package has been updated to the 117.0.5938.92 release, which, together with the 117.0.5938.88, 117.0.5938.62, 116.0.5845.187 and 116.0.5845.179 releases, fixes bugs and 31 vulnerabilities.

Google is aware that an exploit for CVE-2023-5217 exists in the wild.

High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25

High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05

High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School on 2023-09-06

Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06

Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29

Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14

Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18

Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09

Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29

Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30

Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04

Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06

Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09

Critical CVE-2023-4863: Heap buffer overflow in WebP

High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28

High CVE-2023-4762: Type Confusion in V8. Reported by anonymous on 2023-08-16

High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03

High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20

References
Credits

Affected packages