USN-5949-1: Chromium vulnerabilities

Read Time:1 Minute, 50 Second

It was discovered that Chromium could be made to write out of bounds in
several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219,
CVE-2023-1220, CVE-2023-1222)

It was discovered that Chromium contained an integer overflow in the PDF
component. A remote attacker could possibly use this issue to corrupt
memory via a crafted PDF file, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0933)

It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928,
CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218)

It was discovered that Chromium did not correctly distinguish data types
in several components. A remote attacker could possibly use this issue to
corrupt memory via a crafted HTML page, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215,
CVE-2023-1235)

It was discovered that Chromium insufficiently enforced policies. An
attacker could possibly use this issue to bypass navigation restrictions.
(CVE-2023-1221, CVE-2023-1224)

It was discovered that Chromium insufficiently enforced policies in Web
Payments API. A remote attacker could possibly use this issue to bypass
content security policy via a crafted HTML page. (CVE-2023-1226)

It was discovered that Chromium contained an inappropriate implementation
in the Permission prompts component. A remote attacker could possibly use
this issue to bypass navigation restrictions via a crafted HTML page.
(CVE-2023-1229)

It was discovered that Chromium insufficiently enforced policies in
Resource Timing component. A remote attacker could possibly use this issue
to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233)

It was discovered that Chromium contained an inappropriate implementation
in the Internals component. A remote attacker could possibly use this
issue to spoof the origin of an iframe via a crafted HTML page.
(CVE-2023-1236)

Threat Actors Shift to JavaScript-Based Phishing Attacks

Cybersecurity Incident Affects Arkansas City Water Treatment Facility

Warnings after new Valencia ransomware group strikes businesses and leaks data

New Octo2 Malware Variant Threatens Mobile Banking Security

The AI Fix #17: Why AI is an AWFUL writer and LinkedIn’s outrageous land grab

14 Million Patients Impacted by US Healthcare Data Breaches in 2024

#GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations

Citing security fears, Ukraine bans Telegram on government and military devices

Israel’s Pager Attacks and Supply Chain Vulnerabilities

USN-5949-1: Chromium vulnerabilities

xen-4.17.5-2.fc39

xen-4.18.3-2.fc40

xen-4.19.0-4.fc41

USN-7031-2: Puma vulnerability

USN-7031-1: Puma vulnerability

USN-7030-1: py7zr vulnerability