Test ID: | 1.3.6.1.4.1.25623.1.1.12.2023.6021.1 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-6021-1) |
Summary: | The remote host is missing an update for the 'chromium-browser' package(s) announced via the USN-6021-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'chromium-browser' package(s) announced via the USN-6021-1 advisory.

Vulnerability Insight:

It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530, CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)

It was discovered that Chromium could be made to access memory out of bounds in WebHID. A remote attacker could possibly use this issue to corrupt memory via a malicious HID device, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1529)

It was discovered that Chromium could be made to access memory out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-1532, CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)

It was discovered that Chromium contained an inappropriate implementation in the Extensions component. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to bypass file access restrictions via a crafted HTML page. (CVE-2023-1813)

It was discovered that Chromium did not properly validate untrusted input in the Safe Browsing component. A remote attacker could possibly use this issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)

It was discovered that Chromium contained an inappropriate implementation in the Picture In Picture component. A remote attacker could possibly use this issue to perform navigation spoofing via a crafted HTML page. (CVE-2023-1816)

It was discovered that Chromium contained an inappropriate implementation in the WebShare component. A remote attacker could possibly use this issue to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2023-1821)

It was discovered that Chromium contained an inappropriate implementation in the Navigation component. A remote attacker could possibly use this issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)

It was discovered that Chromium contained an inappropriate implementation in the FedCM component. A remote attacker could possibly use this issue to bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)

Affected Software/OS: 'chromium-browser' package(s) on Ubuntu 18.04.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-1528
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/
https://security.gentoo.org/glsa/202309-17
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
https://crbug.com/1421773

Common Vulnerability Exposure (CVE) ID: CVE-2023-1529
https://crbug.com/1419718

Common Vulnerability Exposure (CVE) ID: CVE-2023-1530
https://crbug.com/1419831

Common Vulnerability Exposure (CVE) ID: CVE-2023-1531
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1724
https://crbug.com/1415330

Common Vulnerability Exposure (CVE) ID: CVE-2023-1532
http://packetstormsecurity.com/files/171959/Chrome-media-mojom-VideoFrame-Missing-Validation.html
https://crbug.com/1421268

Common Vulnerability Exposure (CVE) ID: CVE-2023-1533
https://crbug.com/1422183

Common Vulnerability Exposure (CVE) ID: CVE-2023-1534
http://packetstormsecurity.com/files/171961/Chrome-GL_ShaderBinary-Untrusted-Process-Exposure.html
http://packetstormsecurity.com/files/171965/Chrome-SpvGetMappedSamplerName-Out-Of-Bounds-String-Copy.html
https://crbug.com/1422594

Common Vulnerability Exposure (CVE) ID: CVE-2023-1810
Debian Security Information: DSA-5386
https://www.debian.org/security/2023/dsa-5386
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
https://crbug.com/1414018

Common Vulnerability Exposure (CVE) ID: CVE-2023-1811
https://crbug.com/1420510

Common Vulnerability Exposure (CVE) ID: CVE-2023-1812
https://crbug.com/1418224

Common Vulnerability Exposure (CVE) ID: CVE-2023-1813
https://crbug.com/1423258

Common Vulnerability Exposure (CVE) ID: CVE-2023-1814
https://crbug.com/1417325

Common Vulnerability Exposure (CVE) ID: CVE-2023-1815
https://crbug.com/1278708

Common Vulnerability Exposure (CVE) ID: CVE-2023-1816
https://crbug.com/1413919

Common Vulnerability Exposure (CVE) ID: CVE-2023-1818
https://crbug.com/1223346

Common Vulnerability Exposure (CVE) ID: CVE-2023-1819
https://crbug.com/1406588

Common Vulnerability Exposure (CVE) ID: CVE-2023-1820
https://crbug.com/1408120

Common Vulnerability Exposure (CVE) ID: CVE-2023-1821
https://crbug.com/1413618

Common Vulnerability Exposure (CVE) ID: CVE-2023-1822
https://crbug.com/1066555

Common Vulnerability Exposure (CVE) ID: CVE-2023-1823
https://crbug.com/1406900
Copyright | Copyright (C) 2023 Greenbone AG |