Gentoo update for Chromium, Google Chrome, Microsoft Edge
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 141 |
| CVE-ID | CVE-2023-2312 CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940 CVE-2023-2941 CVE-2023-3079 CVE-2023-3214 CVE-2023-3215 CVE-2023-3216 CVE-2023-3217 CVE-2023-3420 CVE-2023-3421 CVE-2023-3422 CVE-2023-3727 CVE-2023-3728 CVE-2023-3730 CVE-2023-3732 CVE-2023-3733 CVE-2023-3734 CVE-2023-3735 CVE-2023-3736 CVE-2023-3737 CVE-2023-3738 CVE-2023-3740 CVE-2023-4068 CVE-2023-4069 CVE-2023-4070 CVE-2023-4071 CVE-2023-4072 CVE-2023-4073 CVE-2023-4074 CVE-2023-4075 CVE-2023-4076 CVE-2023-4077 CVE-2023-4078 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359 CVE-2023-4360 CVE-2023-4361 CVE-2023-4362 CVE-2023-4363 CVE-2023-4364 CVE-2023-4365 CVE-2023-4366 CVE-2023-4367 CVE-2023-4368 CVE-2023-4427 CVE-2023-4428 CVE-2023-4429 CVE-2023-4430 CVE-2023-4431 CVE-2023-4572 CVE-2023-4761 CVE-2023-4762 CVE-2023-4763 CVE-2023-4764 CVE-2023-4900 CVE-2023-4901 CVE-2023-4902 CVE-2023-4903 CVE-2023-4904 CVE-2023-4905 CVE-2023-4906 CVE-2023-4907 CVE-2023-4908 CVE-2023-4909 CVE-2023-5186 CVE-2023-5187 CVE-2023-44488 CVE-2023-5217 CVE-2023-5218 CVE-2023-5346 CVE-2023-5472 CVE-2023-5473 CVE-2023-5474 CVE-2023-5475 CVE-2023-5476 CVE-2023-5477 CVE-2023-5478 CVE-2023-5479 CVE-2023-5480 CVE-2023-5481 CVE-2023-5482 CVE-2023-5483 CVE-2023-5484 CVE-2023-5485 CVE-2023-5486 CVE-2023-5487 CVE-2023-5849 CVE-2023-5850 CVE-2023-5851 CVE-2023-5852 CVE-2023-5853 CVE-2023-5854 CVE-2023-5855 CVE-2023-5856 CVE-2023-5857 CVE-2023-5858 CVE-2023-5859 CVE-2023-5996 CVE-2023-5997 CVE-2023-6112 CVE-2023-6345 CVE-2023-6346 CVE-2023-6347 CVE-2023-6348 CVE-2023-6350 CVE-2023-6351 CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512 CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707 CVE-2023-7024 CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225 |
| CWE-ID | CWE-416 CWE-787 CWE-119 CWE-843 CWE-358 CWE-20 CWE-122 CWE-264 CWE-125 CWE-451 CWE-190 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #15 is being exploited in the wild. Public exploit code for vulnerability #53 is available. Public exploit code for vulnerability #65 is available. Vulnerability #72 is being exploited in the wild. Vulnerability #87 is being exploited in the wild. Vulnerability #120 is being exploited in the wild. Vulnerability #137 is being exploited in the wild. |
| Vulnerable software Subscribe |
Gentoo Linux Operating systems & Components / Operating system www-client/microsoft-edge Operating systems & Components / Operating system package or component www-client/google-chrome Operating systems & Components / Operating system package or component www-client/chromium Operating systems & Components / Operating system package or component |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 141 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU79536
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2312
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Offline component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU76673
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2929
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Swiftshader. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU76674
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2930
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU76675
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2931
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU76676
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU76677
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2933
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the PDF component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU76678
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2934
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Mojo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Type Confusion
EUVDB-ID: #VU76679
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2935
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Type Confusion
EUVDB-ID: #VU76680
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2936
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improperly implemented security check for standard
EUVDB-ID: #VU76681
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2937
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Picture In Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improperly implemented security check for standard
EUVDB-ID: #VU76682
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2938
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Picture In Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU76683
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2939
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improperly implemented security check for standard
EUVDB-ID: #VU76684
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2940
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improperly implemented security check for standard
EUVDB-ID: #VU76685
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2941
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Type Confusion
EUVDB-ID: #VU76967
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-3079
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
16) Use-after-free
EUVDB-ID: #VU77202
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3214
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Autofill payments component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU77203
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3215
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Type Confusion
EUVDB-ID: #VU77204
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3216
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU77205
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3217
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebXR component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Type Confusion
EUVDB-ID: #VU77709
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3420
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU77710
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3421
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Media component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use-after-free
EUVDB-ID: #VU77711
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3422
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Guest View component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU78377
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3727
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU78378
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3728
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU78379
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3730
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Tab Groups component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU78380
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3732
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in Mojo in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improperly implemented security check for standard
EUVDB-ID: #VU78381
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3733
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebApp Installs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improperly implemented security check for standard
EUVDB-ID: #VU78382
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3734
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Picture In Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improperly implemented security check for standard
EUVDB-ID: #VU78383
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3735
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Web API Permission Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improperly implemented security check for standard
EUVDB-ID: #VU78384
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3736
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Custom Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improperly implemented security check for standard
EUVDB-ID: #VU78385
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3737
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Notifications in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improperly implemented security check for standard
EUVDB-ID: #VU78386
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3738
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Input validation error
EUVDB-ID: #VU78387
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3740
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a improper input validation in Themes in Google Chrome. A remote attacker can trick the victim to perform certain actions in browser and crash it.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Type Confusion
EUVDB-ID: #VU78887
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4068
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Type Confusion
EUVDB-ID: #VU78888
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4069
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Type Confusion
EUVDB-ID: #VU78889
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4070
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Heap-based buffer overflow
EUVDB-ID: #VU78890
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4071
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Visuals. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds write
EUVDB-ID: #VU78897
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4072
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in WebGL in Google Chrome. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU78891
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4073
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in ANGLE in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU78892
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4074
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink Task Scheduling component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU78893
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4075
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Cast component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU78894
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4076
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU78895
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4077
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improperly implemented security check for standard
EUVDB-ID: #VU78896
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4078
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU79537
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4349
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Device Trust Connectors component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improperly implemented security check for standard
EUVDB-ID: #VU79538
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4350
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Fullscreen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU79539
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4351
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Network component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Type Confusion
EUVDB-ID: #VU79540
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4352
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Heap-based buffer overflow
EUVDB-ID: #VU79541
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4353
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Heap-based buffer overflow
EUVDB-ID: #VU79542
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4354
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Skia. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU79543
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4355
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU79544
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4356
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Audio in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Input validation error
EUVDB-ID: #VU79545
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-4357
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in XML in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
54) Use-after-free
EUVDB-ID: #VU79546
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4358
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within DNS in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Improperly implemented security check for standard
EUVDB-ID: #VU79547
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4359
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in App Launcher in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improperly implemented security check for standard
EUVDB-ID: #VU79548
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4360
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Color in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improperly implemented security check for standard
EUVDB-ID: #VU79549
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4361
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Heap-based buffer overflow
EUVDB-ID: #VU79550
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4362
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in Mojom IDL. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Improperly implemented security check for standard
EUVDB-ID: #VU79551
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4363
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebShare in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improperly implemented security check for standard
EUVDB-ID: #VU79552
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4364
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Permission Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improperly implemented security check for standard
EUVDB-ID: #VU79553
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4365
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Fullscreen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU79554
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4366
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Extensions in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU79555
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4367
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Extensions API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU79556
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4368
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Extensions API in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Buffer overflow
EUVDB-ID: #VU79875
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-4427
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in V8 in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
66) Buffer overflow
EUVDB-ID: #VU79874
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4428
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in CSS in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU79873
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4429
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Loader component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Use-after-free
EUVDB-ID: #VU79872
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4430
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Vulkan component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Out-of-bounds read
EUVDB-ID: #VU79876
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4431
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to crash the browser.
The vulnerability exists due to a boundary condition within the Fonts component in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger an out-of-bounds read error and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU80110
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4572
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the MediaStream component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU80462
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4761
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in FedCM in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Type Confusion
EUVDB-ID: #VU80463
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-4762
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
73) Use-after-free
EUVDB-ID: #VU80464
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4763
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Networks component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Spoofing attack
EUVDB-ID: #VU80465
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4764
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in BFCache in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Improperly implemented security check for standard
EUVDB-ID: #VU80696
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4900
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Custom Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Improperly implemented security check for standard
EUVDB-ID: #VU80697
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4901
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Improperly implemented security check for standard
EUVDB-ID: #VU80698
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4902
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Improperly implemented security check for standard
EUVDB-ID: #VU80699
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4903
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Custom Mobile Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU80700
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4904
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Downloads in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improperly implemented security check for standard
EUVDB-ID: #VU80701
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4905
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU80702
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4906
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient policy enforcement in Autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improperly implemented security check for standard
EUVDB-ID: #VU80703
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4907
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Intents in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Improperly implemented security check for standard
EUVDB-ID: #VU80704
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4908
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Picture in Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improperly implemented security check for standard
EUVDB-ID: #VU80705
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4909
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Interstitials in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Use-after-free
EUVDB-ID: #VU81245
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5186
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Passwords component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU81246
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5187
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Extensions component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Heap-based buffer overflow
EUVDB-ID: #VU81244
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-44488,CVE-2023-5217
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
88) Use-after-free
EUVDB-ID: #VU81809
Risk: High
CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5218
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Site Isolation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Type Confusion
EUVDB-ID: #VU81431
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5346
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use-after-free
EUVDB-ID: #VU82352
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5472
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Profiles component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Use-after-free
EUVDB-ID: #VU81822
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5473
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to use-after-free error in Cast in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and crash the browser.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Heap-based buffer overflow
EUVDB-ID: #VU81816
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5474
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in PDF. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Improperly implemented security check for standard
EUVDB-ID: #VU81812
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5475
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in DevTools in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU81815
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5476
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Blink History in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improperly implemented security check for standard
EUVDB-ID: #VU81820
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5477
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Installer in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Improperly implemented security check for standard
EUVDB-ID: #VU81819
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5478
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improperly implemented security check for standard
EUVDB-ID: #VU81817
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5479
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Extensions API in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improperly implemented security check for standard
EUVDB-ID: #VU82623
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5480
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect implementation in Payments in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and compromise the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Improperly implemented security check for standard
EUVDB-ID: #VU81814
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5481
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Input validation error
EUVDB-ID: #VU82624
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5482
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing HTML content in USB. Chrome High. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Improperly implemented security check for standard
EUVDB-ID: #VU81813
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5483
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Intents in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improperly implemented security check for standard
EUVDB-ID: #VU81811
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5484
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Navigation in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Improperly implemented security check for standard
EUVDB-ID: #VU81818
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5485
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Improperly implemented security check for standard
EUVDB-ID: #VU81821
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5486
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Improperly implemented security check for standard
EUVDB-ID: #VU81810
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5487
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Fullscreen in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Integer overflow
EUVDB-ID: #VU82625
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5849
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in USB component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Spoofing attack
EUVDB-ID: #VU82626
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5850
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Improperly implemented security check for standard
EUVDB-ID: #VU82627
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5851
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Use-after-free
EUVDB-ID: #VU82628
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Printing in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Spoofing attack
EUVDB-ID: #VU82629
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5853
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Use-after-free
EUVDB-ID: #VU82630
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5854
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Profiles in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Use-after-free
EUVDB-ID: #VU82631
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5855
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Reading Mode in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Use-after-free
EUVDB-ID: #VU82632
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5856
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Side Panel in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improperly implemented security check for standard
EUVDB-ID: #VU82633
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5857
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Downloads in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Improperly implemented security check for standard
EUVDB-ID: #VU82634
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5858
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in WebApp Provider in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Spoofing attack
EUVDB-ID: #VU82635
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5859
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of user-supplied input in Picture In Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and spoof web page content.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Use-after-free
EUVDB-ID: #VU82904
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5996
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebAudio component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Use-after-free
EUVDB-ID: #VU83070
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-5997
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Garbage Collection component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Use-after-free
EUVDB-ID: #VU83071
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6112
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Navigation component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Integer overflow
EUVDB-ID: #VU83543
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-6345
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Skia component in Google Chrome. A remote attacker can trick the victim to open a specially crafted web page, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
121) Use-after-free
EUVDB-ID: #VU83540
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6346
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebAudio component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Use-after-free
EUVDB-ID: #VU83539
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6347
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Mojo component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Type Confusion
EUVDB-ID: #VU83538
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6348
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the Spellcheck component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Buffer overflow
EUVDB-ID: #VU83541
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6350
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in libavif in Google Chrome. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a stack-based buffer overflow and execute arbitrary code on the system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Use-after-free
EUVDB-ID: #VU83542
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6351
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the libavif component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Use-after-free
EUVDB-ID: #VU83887
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6508
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Media Stream component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Use-after-free
EUVDB-ID: #VU83888
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6509
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Side Panel Search component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Use-after-free
EUVDB-ID: #VU83889
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6510
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within Media Capture in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Improperly implemented security check for standard
EUVDB-ID: #VU83890
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6511
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Autofill in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Improperly implemented security check for standard
EUVDB-ID: #VU83891
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6512
CWE-ID:
CWE-358 - Improperly Implemented Security Check for Standard
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to incorrect implementation in Web Browser UI in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Type Confusion
EUVDB-ID: #VU84362
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6702
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Use-after-free
EUVDB-ID: #VU84363
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6703
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the Blink component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Use-after-free
EUVDB-ID: #VU84364
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6704
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the libavif component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Use-after-free
EUVDB-ID: #VU84365
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6705
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebRTC component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use-after-free
EUVDB-ID: #VU84366
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6706
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the FedCM component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Use-after-free
EUVDB-ID: #VU84367
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6707
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within CSS in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Heap-based buffer overflow
EUVDB-ID: #VU84619
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-7024
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in WebRTC. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Update the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
138) Use-after-free
EUVDB-ID: #VU84967
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0222
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the ANGLE component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Heap-based buffer overflow
EUVDB-ID: #VU84968
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0223
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in ANGLE. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Use-after-free
EUVDB-ID: #VU84969
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0224
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebAudio component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU84970
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0225
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the WebGPU component in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected packages.
www-client/chromium to version: 120.0.6099.109
www-client/google-chrome to version: 120.0.6099.109
www-client/microsoft-edge to version: 120.0.2210.133
Gentoo Linux: All versions
www-client/microsoft-edge: before 120.0.2210.133
www-client/google-chrome: before 120.0.6099.109
www-client/chromium: before 120.0.6099.109
External linkshttp://security.gentoo.org/glsa/202401-34
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
