FreeBSD: FD87A250-FF78-11ED-8290-A8A1599412C6
History: May 30, 2023 - 12:00 a.m.

chromium -- multiple vulnerabilities

2023-05-30 00:00:00
vuxml.freebsd.org
chromium
security fixes
out of bounds write
use after free
type confusion
inappropriate implementation
insufficient data validation
pdf
extensions
installer
mojo
v8
picture in picture
downloads
extensions api

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.01
Percentile: 83.7%

Chrome Releases reports:

This update includes 16 security fixes:

[1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25
[1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08
[1444238] High CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-10
[1444581] High CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-11
[1445426] High CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security and Nguyen Phuong on 2023-05-15
[1429720] High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01
[1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27
[1443452] High CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-05-08
[1413813] Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08
[1416350] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15
[1427431] Medium CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24
[1426807] Medium CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong on 2023-03-22
[1430269] Low CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane on 2023-04-04

OS       Version  Architecture  Package             Version          Filename
FreeBSD  any      noarch        chromium            < 114.0.5735.90  UNKNOWN
FreeBSD  any      noarch        ungoogled-chromium  < 114.0.5735.90  UNKNOWN
