April 11, 2023 Yandex Browser Team 23.3.1.916-alt1
- Browser updated to 23.3.1
+ Critical CVE-2023-0941: Use after free in Prompts.
+ High CVE-2023-0927: Use after free in Web Payments API.
+ High CVE-2023-0928: Use after free in SwiftShader.
+ High CVE-2023-0929: Use after free in Vulkan.
+ High CVE-2023-0930: Heap buffer overflow in Video.
+ High CVE-2023-0931: Use after free in Video.
+ High CVE-2023-0932: Use after free in WebRTC.
+ Medium CVE-2023-0933: Integer overflow in PDF.
+ High CVE-2023-0696: Type Confusion in V8.
+ High CVE-2023-0697: Inappropriate implementation in Full screen mode.
+ High CVE-2023-0698: Out of bounds read in WebRTC.
+ Medium CVE-2023-0699: Use after free in GPU.
+ Medium CVE-2023-0700: Inappropriate implementation in Download.
+ Medium CVE-2023-0701: Heap buffer overflow in WebUI.
+ Medium CVE-2023-0702: Type Confusion in Data Transfer.
+ Medium CVE-2023-0703: Type Confusion in DevTools.
+ Low CVE-2023-0704: Insufficient policy enforcement in DevTools.
+ Low CVE-2023-0705: Integer overflow in Core.
+ High CVE-2023-0471: Use after free in WebTransport.
+ High CVE-2023-0472: Use after free in WebRTC.
+ Medium CVE-2023-0473: Type Confusion in ServiceWorker API.
+ Medium CVE-2023-0474: Use after free in GuestView.
+ High CVE-2023-0128: Use after free in Overview Mode.
+ High CVE-2023-0129: Heap buffer overflow in Network Service.
+ Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API.
+ Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
+ Medium CVE-2023-0132: Inappropriate implementation in Permission prompts.
+ Medium CVE-2023-0133: Inappropriate implementation in Permission prompts.
+ Medium CVE-2023-0134: Use after free in Cart.
+ Medium CVE-2023-0135: Use after free in Cart.
+ Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API.
+ Medium CVE-2023-0137: Heap buffer overflow in Platform Apps.
+ Low CVE-2023-0138: Heap buffer overflow in libphonenumber.
+ Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
+ Low CVE-2023-0140: Inappropriate implementation in File System API.
+ Low CVE-2023-0141: Insufficient policy enforcement in CORS.
- Set provides webclient (closes: [#43564](<https://bugzilla.altlinux.org/43564>))
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ALT Linux | 10 | src | yandex-browser-stable-23.3.1.946-alt1.src.rpm | < 23.3.1.916-alt1 | yandex-browser-stable-23.3.1.946-alt1.src.rpm |
ALT Linux | 10 | x86_64 | yandex-browser-stable-23.3.1.946-alt1.x86_64.rpm | < 23.3.1.916-alt1 | yandex-browser-stable-23.3.1.946-alt1.x86_64.rpm |