 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.12.2023.5949.1 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-5949-1) |
| Summary: | The remote host is missing an update for the 'chromium-browser' package(s) announced via the USN-5949-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'chromium-browser' package(s) announced via the USN-5949-1 advisory. Vulnerability Insight: It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0930, CVE-2023-1219, CVE-2023-1220, CVE-2023-1222) It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0933) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-0941, CVE-2023-0928, CVE-2023-0929, CVE-2023-0931, CVE-2023-1213, CVE-2023-1216, CVE-2023-1218) It was discovered that Chromium did not correctly distinguish data types in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1214, CVE-2023-1215, CVE-2023-1235) It was discovered that Chromium insufficiently enforced policies. An attacker could possibly use this issue to bypass navigation restrictions. (CVE-2023-1221, CVE-2023-1224) It was discovered that Chromium insufficiently enforced policies in Web Payments API. A remote attacker could possibly use this issue to bypass content security policy via a crafted HTML page. (CVE-2023-1226) It was discovered that Chromium contained an inappropriate implementation in the Permission prompts component. A remote attacker could possibly use this issue to bypass navigation restrictions via a crafted HTML page. (CVE-2023-1229) It was discovered that Chromium insufficiently enforced policies in Resource Timing component. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2023-1232, CVE-2023-1233) It was discovered that Chromium contained an inappropriate implementation in the Internals component. A remote attacker could possibly use this issue to spoof the origin of an iframe via a crafted HTML page. (CVE-2023-1236) Affected Software/OS: 'chromium-browser' package(s) on Ubuntu 18.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-0928 https://security.gentoo.org/glsa/202309-17 https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html https://crbug.com/1309035 Common Vulnerability Exposure (CVE) ID: CVE-2023-0929 https://crbug.com/1399742 Common Vulnerability Exposure (CVE) ID: CVE-2023-0930 https://crbug.com/1410766 Common Vulnerability Exposure (CVE) ID: CVE-2023-0931 https://crbug.com/1407701 Common Vulnerability Exposure (CVE) ID: CVE-2023-0933 https://crbug.com/1404864 Common Vulnerability Exposure (CVE) ID: CVE-2023-0941 https://crbug.com/1415366 Common Vulnerability Exposure (CVE) ID: CVE-2023-1213 https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html https://crbug.com/1411210 Common Vulnerability Exposure (CVE) ID: CVE-2023-1214 https://crbug.com/1412487 Common Vulnerability Exposure (CVE) ID: CVE-2023-1215 https://crbug.com/1417176 Common Vulnerability Exposure (CVE) ID: CVE-2023-1216 https://crbug.com/1417649 Common Vulnerability Exposure (CVE) ID: CVE-2023-1218 https://crbug.com/1413628 Common Vulnerability Exposure (CVE) ID: CVE-2023-1219 http://packetstormsecurity.com/files/171795/Chrome-base-debug-ActivityUserData-ActivityUserData-Heap-Buffer-Overflow.html https://crbug.com/1415328 Common Vulnerability Exposure (CVE) ID: CVE-2023-1220 http://packetstormsecurity.com/files/171796/Chrome-base-SampleVectorBase-MoveSingleSampleToCounts-Heap-Buffer-Overflow.html https://crbug.com/1417185 Common Vulnerability Exposure (CVE) ID: CVE-2023-1221 https://crbug.com/1385343 Common Vulnerability Exposure (CVE) ID: CVE-2023-1222 https://crbug.com/1403515 Common Vulnerability Exposure (CVE) ID: CVE-2023-1224 https://crbug.com/1403539 Common Vulnerability Exposure (CVE) ID: CVE-2023-1226 https://crbug.com/1013080 Common Vulnerability Exposure (CVE) ID: CVE-2023-1229 https://crbug.com/1160485 Common Vulnerability Exposure (CVE) ID: CVE-2023-1232 https://crbug.com/1346924 Common Vulnerability Exposure (CVE) ID: CVE-2023-1233 https://crbug.com/1045681 Common Vulnerability Exposure (CVE) ID: CVE-2023-1235 https://crbug.com/1404704 Common Vulnerability Exposure (CVE) ID: CVE-2023-1236 https://crbug.com/1374518 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |