It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530, CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)
It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1529)
It was discovered that Chromium could be made to access memory out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1532, CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)
It was discovered that Chromium contained an inappropriate implementation in the Extensions component. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to bypass file access restrictions via a crafted HTML page. (CVE-2023-1813)
It was discovered that Chromium did not properly validate untrusted input in the Safe Browsing component. A remote attacker could possibly use this issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)
It was discovered that Chromium contained an inappropriate implementation in the Picture In Picture component. A remote attacker could possibly use this issue to perform navigation spoofing via a crafted HTML page. (CVE-2023-1816)
It was discovered that Chromium contained an inappropriate implementation in the WebShare component. A remote attacker could possibly use this issue to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2023-1821)
It was discovered that Chromium contained an inappropriate implementation in the Navigation component. A remote attacker could possibly use this issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)
It was discovered that Chromium contained an inappropriate implementation in the FedCM component. A remote attacker could possibly use this issue to bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)
{ "availability": "No subscription required", "binaries": [ { "chromium-chromedriver": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-codecs-ffmpeg-extra-dbgsym": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-browser-dbgsym": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-codecs-ffmpeg": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-chromedriver-dbgsym": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-browser": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-codecs-ffmpeg-dbgsym": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-browser-l10n": "112.0.5615.49-0ubuntu0.18.04.1", "chromium-codecs-ffmpeg-extra": "112.0.5615.49-0ubuntu0.18.04.1" } ] }