chromium -- multiple security fixes

2023-12-0500:00:00

vuxml.freebsd.org

chromium

update

security fixes

media stream

side panel search

media capture

autofill

web browser ui

unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

54.8%

JSON

Chrome Releases reports:

This update includes 10 security fixes:

[1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31
[1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21
[1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08
[1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04
[1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 120.0.6099.62UNKNOWN
FreeBSDanynoarchungoogled-chromium< 120.0.6099.62UNKNOWN
FreeBSDanynoarchqt5-webengine< 5.15.16.p5_2UNKNOWN
FreeBSDanynoarchqt6-webengine< 6.6.1_1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	chromium	< 120.0.6099.62	UNKNOWN
FreeBSD	any	noarch	ungoogled-chromium	< 120.0.6099.62	UNKNOWN
FreeBSD	any	noarch	qt5-webengine	< 5.15.16.p5_2	UNKNOWN
FreeBSD	any	noarch	qt6-webengine	< 6.6.1_1	UNKNOWN