9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.8%
It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)
It was discovered that Chromium could be made to access memory out of
bounds in WebHID. A remote attacker could possibly use this issue to
corrupt memory via a malicious HID device, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1529)
It was discovered that Chromium could be made to access memory out of
bounds in several components. A remote attacker could possibly use this
issue to corrupt memory via a crafted HTML page, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1532,
CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)
It was discovered that Chromium contained an inappropriate implementation
in the Extensions component. A remote attacker who convinced a user to
install a malicious extension could possibly use this issue to bypass file
access restrictions via a crafted HTML page. (CVE-2023-1813)
It was discovered that Chromium did not properly validate untrusted input
in the Safe Browsing component. A remote attacker could possibly use this
issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)
It was discovered that Chromium contained an inappropriate implementation
in the Picture In Picture component. A remote attacker could possibly use
this issue to perform navigation spoofing via a crafted HTML page.
(CVE-2023-1816)
It was discovered that Chromium contained an inappropriate implementation
in the WebShare component. A remote attacker could possibly use this issue
to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-1821)
It was discovered that Chromium contained an inappropriate implementation
in the Navigation component. A remote attacker could possibly use this
issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)
It was discovered that Chromium contained an inappropriate implementation
in the FedCM component. A remote attacker could possibly use this issue to
bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | chromium-browser | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-browser-dbgsym | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-browser-l10n | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-chromedriver | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-codecs-ffmpeg | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-codecs-ffmpeg-dbgsym | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-codecs-ffmpeg-extra | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | chromium-codecs-ffmpeg-extra-dbgsym | < 112.0.5615.49-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu.com/security/CVE-2023-1528
ubuntu.com/security/CVE-2023-1529
ubuntu.com/security/CVE-2023-1530
ubuntu.com/security/CVE-2023-1531
ubuntu.com/security/CVE-2023-1532
ubuntu.com/security/CVE-2023-1533
ubuntu.com/security/CVE-2023-1534
ubuntu.com/security/CVE-2023-1810
ubuntu.com/security/CVE-2023-1811
ubuntu.com/security/CVE-2023-1812
ubuntu.com/security/CVE-2023-1813
ubuntu.com/security/CVE-2023-1814
ubuntu.com/security/CVE-2023-1815
ubuntu.com/security/CVE-2023-1816
ubuntu.com/security/CVE-2023-1818
ubuntu.com/security/CVE-2023-1819
ubuntu.com/security/CVE-2023-1820
ubuntu.com/security/CVE-2023-1821
ubuntu.com/security/CVE-2023-1822
ubuntu.com/security/CVE-2023-1823
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.8%