Daily Archives: April 14, 2023

Advisories

python-setuptools-59.6.0-4.fc36

Read Time:7 Second

FEDORA-2023-9992b32c1f

Packages in this update:

python-setuptools-59.6.0-4.fc36

Update description:

Security fix for CVE-2022-40897

Read More

News

Stolen ChatGPT premium accounts up for sale on the dark web

Read Time:35 Second

Trade of stolen ChatGPT account credentials, especially those of the premium accounts, is on a rise on the dark web since March, enabling cybercriminals to get around OpenAI’s geofencing restrictions and get unlimited access to ChatGPT, according to research by Check Point.

“During the last month, CPR (Check Point Research) observed an increase in the chatter in underground forums related to leaking or selling compromised ChatGPT premium accounts,” Check Point said in a blog post. “Mostly those stolen accounts are being sold, but some of the actors also share stolen ChatGPT premium accounts for free, to advertise their own services or tools to steal the accounts.”

To read this article in full, please click here

Read More

Advisories

USN-6021-1: Chromium vulnerabilities

Read Time:1 Minute, 56 Second

It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)

It was discovered that Chromium could be made to access memory out of
bounds in WebHID. A remote attacker could possibly use this issue to
corrupt memory via a malicious HID device, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1529)

It was discovered that Chromium could be made to access memory out of
bounds in several components. A remote attacker could possibly use this
issue to corrupt memory via a crafted HTML page, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1532,
CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)

It was discovered that Chromium contained an inappropriate implementation
in the Extensions component. A remote attacker who convinced a user to
install a malicious extension could possibly use this issue to bypass file
access restrictions via a crafted HTML page. (CVE-2023-1813)

It was discovered that Chromium did not properly validate untrusted input
in the Safe Browsing component. A remote attacker could possibly use this
issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)

It was discovered that Chromium contained an inappropriate implementation
in the Picture In Picture component. A remote attacker could possibly use
this issue to perform navigation spoofing via a crafted HTML page.
(CVE-2023-1816)

It was discovered that Chromium contained an inappropriate implementation
in the WebShare component. A remote attacker could possibly use this issue
to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-1821)

It was discovered that Chromium contained an inappropriate implementation
in the Navigation component. A remote attacker could possibly use this
issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)

It was discovered that Chromium contained an inappropriate implementation
in the FedCM component. A remote attacker could possibly use this issue to
bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)

Read More