Lucene search

K
freebsdFreeBSD6D9C6AAE-5EB1-11EE-8290-A8A1599412C6
HistorySep 27, 2023 - 12:00 a.m.

chromium -- multiple vulnerabilities

2023-09-2700:00:00
vuxml.freebsd.org
12
chromium
security fixes
heap buffer overflow
use after free
libvpx
passwords
extensions

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%

Chrome Releases reports:

This update includes 10 security fixes:

[1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-09-25
[1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05
[1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 117.0.5938.132UNKNOWN
FreeBSDanynoarchungoogled-chromium< 117.0.5938.132UNKNOWN
FreeBSDanynoarchqt6-webengine< 6.6.1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.248

Percentile

96.7%