Lucene search

K
mageiaGentoo FoundationMGASA-2023-0090
HistoryMar 11, 2023 - 10:00 p.m.

Updated chromium-browser-stable packages fix security vulnerability

2023-03-1122:00:39
Gentoo Foundation
advisories.mageia.org
33

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17 High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21 High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03 High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07 High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13 High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17 Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16 Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24 Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07 Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25 Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20 Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10 Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31 Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18 Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20 Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30 Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30 Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24 Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25 Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03 Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03 Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14

OSVersionArchitecturePackageVersionFilename
Mageia8noarchchromium-browser-stable< 111.0.5563.64-1chromium-browser-stable-111.0.5563.64-1.mga8

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%