Lucene search

K
freebsdFreeBSD814AF1BE-EC63-11EE-8E76-A8A1599412C6
HistoryMar 26, 2024 - 12:00 a.m.

chromium -- multiple security fixes

2024-03-2600:00:00
vuxml.freebsd.org
11
chromium
update
security fixes
critical
high
use after free
angle
dawn
webcodecs
webassembly
type confusion
unix

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

16.8%

Chrome Releases reports:

This update includes 7 security fixes:

[327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03
[328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11
[330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
[330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 123.0.6312.86UNKNOWN
FreeBSDanynoarchungoogled-chromium< 123.0.6312.86UNKNOWN

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

16.8%