Ubuntu update for chromium-browser
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1224 CVE-2023-1226 CVE-2023-1229 CVE-2023-1232 CVE-2023-1233 CVE-2023-1235 CVE-2023-1236 |
| CWE-ID | CWE-416 CWE-122 CWE-190 CWE-843 CWE-264 CWE-358 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system chromium-browser (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU72544
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0928
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU72545
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0929
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Heap-based buffer overflow
EUVDB-ID: #VU72546
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0930
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Video. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU72547
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0931
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Video component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU72549
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0933
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a integer overflow in PDF in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU72542
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0941
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Prompts component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU73118
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1213
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Swiftshader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Type Confusion
EUVDB-ID: #VU73119
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1214
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Type Confusion
EUVDB-ID: #VU73120
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1215
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the CSS component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU73121
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1216
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the DevTools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU73123
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1218
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU73124
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1219
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Metrics. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Heap-based buffer overflow
EUVDB-ID: #VU73125
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1220
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in UMA. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU73126
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1221
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Extensions API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Heap-based buffer overflow
EUVDB-ID: #VU73127
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1222
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Web Audio API. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU73129
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1224
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Web Payments API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU73131
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1226
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Web Payments API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improperly implemented security check for standard
EUVDB-ID: #VU73134
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1229
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Permission prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU73137
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1232
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Resource Timing in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU73138
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1233
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Resource Timing in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Type Confusion
EUVDB-ID: #VU73140
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1235
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the DevTools component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improperly implemented security check for standard
EUVDB-ID: #VU73141
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1236
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Internals in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected package chromium-browser to the latest version.
Vulnerable software versionsUbuntu: 18.04
chromium-browser (Ubuntu package): before 111.0.5563.64-0ubuntu0.18.04.5
External linkshttp://ubuntu.com/security/notices/USN-5949-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
