8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.3%
The chromium-browser-stable package has been updated to the 109.0.5414.74 release, fixing 17 vulnerabilities. Some of the security fixes are - High CVE-2023-0128 Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16 High CVE-2023-0129 Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07 Medium CVE-2023-0130 Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30 Medium CVE-2023-0131 Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28 Medium CVE-2023-0132 Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05 Medium CVE-2023-0133 Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17 Medium CVE-2023-0134 Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17 Medium CVE-2023-0135 Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18 Medium CVE-2023-0136 Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26 Medium CVE-2023-0137 Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10 Low CVE-2023-0138 Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23 Low CVE-2023-0139 Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24 Low CVE-2023-0140 Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18 Low CVE-2023-0141 Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | chromium-browser-stable | < 109.0.5414.74-1 | chromium-browser-stable-109.0.5414.74-1.mga8 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.3%