USN-6021-1: Chromium vulnerabilities

Read Time:1 Minute, 56 Second

It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)

It was discovered that Chromium could be made to access memory out of
bounds in WebHID. A remote attacker could possibly use this issue to
corrupt memory via a malicious HID device, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1529)

It was discovered that Chromium could be made to access memory out of
bounds in several components. A remote attacker could possibly use this
issue to corrupt memory via a crafted HTML page, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1532,
CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)

It was discovered that Chromium contained an inappropriate implementation
in the Extensions component. A remote attacker who convinced a user to
install a malicious extension could possibly use this issue to bypass file
access restrictions via a crafted HTML page. (CVE-2023-1813)

It was discovered that Chromium did not properly validate untrusted input
in the Safe Browsing component. A remote attacker could possibly use this
issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)

It was discovered that Chromium contained an inappropriate implementation
in the Picture In Picture component. A remote attacker could possibly use
this issue to perform navigation spoofing via a crafted HTML page.
(CVE-2023-1816)

It was discovered that Chromium contained an inappropriate implementation
in the WebShare component. A remote attacker could possibly use this issue
to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-1821)

It was discovered that Chromium contained an inappropriate implementation
in the Navigation component. A remote attacker could possibly use this
issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)

It was discovered that Chromium contained an inappropriate implementation
in the FedCM component. A remote attacker could possibly use this issue to
bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack

Smashing Security podcast #413: Hacking the hackers… with a credit card?

USN-6021-1: Chromium vulnerabilities

pgadmin4-9.2-1.fc41

java-latest-openjdk-24.0.1.0.9-1.rolling.el9

java-latest-openjdk-24.0.1.0.9-1.rolling.el10_0 java-latest-openjdk-portable-24.0.1.0.9-1.rolling.el8

java-1.8.0-openjdk-portable-1.8.0.452.b06-2.fc39 java-17-openjdk-portable-17.0.15.0.6-1.fc40

java-1.8.0-openjdk-1.8.0.452.b06-1.fc40

java-1.8.0-openjdk-1.8.0.452.b06-1.fc41