Lucene search

K
freebsdFreeBSD90C48C04-D549-4FC0-A503-4775E32D438E
HistoryApr 20, 2023 - 12:00 a.m.

chromium -- multiple vulnerabilities

2023-04-2000:00:00
vuxml.freebsd.org
21
chromium
multiple
vulnerabilities
security fixes
out of bounds
memory access
service worker api
devtools
use after free
integer overflow
skia
threat analysis group
heap buffer overflow
sqlite

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

77.9%

Chrome Releases reports:

This update includes 8 security fixes:

[1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
[1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
[1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
[1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clรฉment Lecigne of Googleโ€™s Threat Analysis Group on 2023-04-12
[1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium<ย 112.0.5615.165UNKNOWN
FreeBSDanynoarchungoogled-chromium<ย 112.0.5615.165UNKNOWN

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

77.9%