Gentoo update for Chromium, Google Chrome, Microsoft Edge
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 69 |
| CVE-ID | CVE-2023-0696 CVE-2023-0697 CVE-2023-0698 CVE-2023-0699 CVE-2023-0700 CVE-2023-0701 CVE-2023-0702 CVE-2023-0703 CVE-2023-0704 CVE-2023-0705 CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534 CVE-2023-1810 CVE-2023-1811 CVE-2023-1812 CVE-2023-1813 CVE-2023-1814 CVE-2023-1815 CVE-2023-1816 CVE-2023-1817 CVE-2023-1818 CVE-2023-1819 CVE-2023-1820 CVE-2023-1821 CVE-2023-1822 CVE-2023-1823 CVE-2023-2033 CVE-2023-2133 CVE-2023-2134 CVE-2023-2135 CVE-2023-2136 CVE-2023-2137 CVE-2023-21720 CVE-2023-21794 CVE-2023-23374 CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468 CVE-2023-2721 CVE-2023-2722 CVE-2023-2723 CVE-2023-2724 CVE-2023-2725 CVE-2023-2726 CVE-2023-28261 CVE-2023-28286 CVE-2023-29334 CVE-2023-29350 CVE-2023-29354 |
| CWE-ID | CWE-843 CWE-358 CWE-125 CWE-416 CWE-122 CWE-264 CWE-190 CWE-119 CWE-20 CWE-451 CWE-362 CWE-254 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #22 is available. Vulnerability #40 is being exploited in the wild. Vulnerability #44 is being exploited in the wild. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system www-client/microsoft-edge Operating systems & Components / Operating system package or component www-client/google-chrome Operating systems & Components / Operating system package or component www-client/chromium-bin Operating systems & Components / Operating system package or component www-client/chromium Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 69 vulnerabilities.
1) Type Confusion
EUVDB-ID: #VU72001
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0696
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improperly implemented security check for standard
EUVDB-ID: #VU72002
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0697
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Full screen mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU72003
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-0698
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the WebRTC component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Use-after-free
EUVDB-ID: #VU72004
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0699
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within GPU in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improperly implemented security check for standard
EUVDB-ID: #VU72005
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0700
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Download in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU72006
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0701
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebUI. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Type Confusion
EUVDB-ID: #VU72007
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0702
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the Data Transfer component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Type Confusion
EUVDB-ID: #VU72008
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0703
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a type confusion error within the DevTools component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU72009
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0704
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in DevTools in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU72010
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0705
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a integer overflow in Core in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU72543
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0927
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Web Payments API component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Use-after-free
EUVDB-ID: #VU72544
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0928
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the SwiftShader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU72545
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0929
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Heap-based buffer overflow
EUVDB-ID: #VU72546
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0930
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Video. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU72547
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0931
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Video component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU72548
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer overflow
EUVDB-ID: #VU72549
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0933
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a integer overflow in PDF in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Use-after-free
EUVDB-ID: #VU72542
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0941
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Prompts component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU73907
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1528
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Passwords component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU73908
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1529
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in WebHID in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU73909
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1530
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU73910
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-1531
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
23) Out-of-bounds read
EUVDB-ID: #VU73911
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1532
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the GPU Video component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU73912
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1533
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebProtect component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU73913
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1534
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ANGLE component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Heap-based buffer overflow
EUVDB-ID: #VU74453
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1810
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Visuals. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU74454
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Frames component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU74455
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1812
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a boundary condition within the DOM Bindings component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improperly implemented security check for standard
EUVDB-ID: #VU74456
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1813
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU74457
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1814
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Safe Browsing in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU74458
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1815
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Networking APIs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Spoofing attack
EUVDB-ID: #VU74459
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1816
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Picture In Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU74460
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1817
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Intents in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU74461
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1818
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Vulkan in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU74462
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1819
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Accessibility component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Heap-based buffer overflow
EUVDB-ID: #VU74463
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1820
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Browser History. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improperly implemented security check for standard
EUVDB-ID: #VU74464
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1821
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebShare in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Spoofing attack
EUVDB-ID: #VU74465
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1822
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improperly implemented security check for standard
EUVDB-ID: #VU74466
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1823
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in FedCM in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Type Confusion
EUVDB-ID: #VU75142
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-2033
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
41) Buffer overflow
EUVDB-ID: #VU75316
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2133
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Service Worker API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Buffer overflow
EUVDB-ID: #VU75317
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Service Worker API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU75318
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2135
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the DevTools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Integer overflow
EUVDB-ID: #VU75319
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-2136
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
45) Heap-based buffer overflow
EUVDB-ID: #VU75320
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2137
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in sqlite. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU71797
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21720
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.
Update the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Spoofing attack
EUVDB-ID: #VU72102
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21794
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim to visit a malicious website, click a popup displayed and spoof page content of a legitimate website.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Buffer overflow
EUVDB-ID: #VU72103
Risk: High
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-23374
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improperly implemented security check for standard
EUVDB-ID: #VU75676
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2459
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU75677
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2460
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU75678
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2461
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within OS Inputs in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improperly implemented security check for standard
EUVDB-ID: #VU75679
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2462
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improperly implemented security check for standard
EUVDB-ID: #VU75680
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2463
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Full Screen Mode in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improperly implemented security check for standard
EUVDB-ID: #VU75681
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2464
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in PictureInPicture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improperly implemented security check for standard
EUVDB-ID: #VU75682
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2465
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in CORS in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improperly implemented security check for standard
EUVDB-ID: #VU75683
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2466
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improperly implemented security check for standard
EUVDB-ID: #VU75684
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2467
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improperly implemented security check for standard
EUVDB-ID: #VU75685
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2468
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in PictureInPicture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU76202
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2721
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Navigation. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Use-after-free
EUVDB-ID: #VU76203
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2722
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Autofill UI. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU76198
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2723
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the DevTools component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Type Confusion
EUVDB-ID: #VU76199
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2724
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU76200
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2725
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Guest View component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improperly implemented security check for standard
EUVDB-ID: #VU76201
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2726
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebApp Installs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Race condition
EUVDB-ID: #VU74029
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28261
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition. A local user can exploit the race and gain unauthorized access to sensitive information and execute arbitrary code with SYSTEM privileges.
Update the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Security features bypass
EUVDB-ID: #VU74028
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28286
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
the vulnerability exists due to improper implementation of security restrictions. A remote attacker can trick the victim to open a specially crafted URL and gain access to sensitive information.
Update the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Spoofing attack
EUVDB-ID: #VU75595
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29334
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use-after-free
EUVDB-ID: #VU75771
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29350
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Security features bypass
EUVDB-ID: #VU75772
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29354
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improperly implemented security restrictions. A remote attacker can trick the victim to open a specially crafted URL and bypass Content Security Policy (CSP) and Pop-up blocker.
MitigationUpdate the affected packages.
www-client/chromium to version: 113.0.5672.126
www-client/chromium-bin to version: 113.0.5672.126
www-client/google-chrome to version: 113.0.5672.126
www-client/microsoft-edge to version: 113.0.1774.50
Gentoo Linux: All versions
www-client/microsoft-edge: before 113.0.1774.50
www-client/google-chrome: before 113.0.5672.126
www-client/chromium-bin: before 113.0.5672.126
www-client/chromium: before 113.0.5672.126
External linkshttp://security.gentoo.org/glsa/202309-17
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
