FreeBSD: 246174D3-E979-11ED-8290-A8A1599412C6
May 03, 2023 - 12:00 a.m.

chromium -- multiple vulnerabilities

2023-05-03 00:00:00
vuxml.freebsd.org
Tags: chrome releases, security fixes, medium cve, inappropriate implementation, insufficient validation, use after free, untrusted input, low cve, full screen mode, pictureinpicture, cors, os inputs, extensions, prompts, unix

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.004
Percentile: 74.2%

Chrome Releases reports:

This update includes 15 security fixes:

[1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10
[1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27
[1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06
[1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17
[1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10
[1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23
[1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10
[1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17
[1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07
[1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15

OS       Version  Architecture  Package             Version           Filename
FreeBSD  any      noarch        chromium            < 113.0.5672.63   UNKNOWN
FreeBSD  any      noarch        ungoogled-chromium  < 113.0.5672.63   UNKNOWN
