768 matches found
Google Chrome Security Update (stable-channel-update-for-desktop_11-2023-09) - Linux
Google Chrome is prone to a heap buffer overflow vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome";...
Mozilla Firefox ESR Security Advisories (MFSA2023-29, MFSA2023-12) - Windows
Mozilla Firefox ESR is prone to a heap buffer vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefoxesr";...
[SECURITY] [DSA 5496-1] firefox-esr security update
Debian Security Advisory DSA-5496-1, https://www.debian.org/security/, Moritz Muehlenhoff, September 13, 2023, https://www.debian.org/security/faq ...
OPENSUSE-SU-2023:0246-1 Security update for chromium
This update for chromium fixes the following issues: Update to version 116.0.5845.187 (boo#1215231): CVE-2023-4863: Heap buffer overflow in WebP...
Mozilla Rushes to Patch WebP Critical Zero-Day Exploit in Firefox and Thunderbird
Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a he...
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec...
Mozilla Thunderbird < 115.2.2
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.2.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2023-40 advisory. - Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of thi...
FreeBSD : electron22 -- multiple vulnerabilities (3693eca5-f0d3-453c-9558-2353150495bb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3693eca5-f0d3-453c-9558-2353150495bb advisory. - Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote...
The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which involves reading beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the libwebp library for encoding and decoding WebP images involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Mozilla Firefox ESR < 115.2.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.2.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2023-40 advisory. - Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of thi...
Mozilla Thunderbird < 102.15.1
The version of Thunderbird installed on the remote Windows host is prior to 102.15.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2023-40 advisory. - Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue...
Mozilla Thunderbird < 115.2.2
The version of Thunderbird installed on the remote Windows host is prior to 115.2.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2023-40 advisory. - Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue...
html5-picture (>=0.0.4-alpha <=0.2.0), image-decompose (>=0.1.0 <=0.4.1) +1 more potentially affected by CVE-2023-4863 +1 more via webp (=0.1.3)
webp CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on webp and may be impacted: - html5-picture =0.0.4-alpha, =0.1.0, =0.4.1 - towebp =0.1.0 Source cves: CVE-2023-4863, CVE-2023-5129 Source advisory: OSV:GHSA-J7HP-H8JX-5PPR...
Minor update (3) for Vivaldi Desktop Browser 6.2
The following improvements were made since the second 6.2 minor update: Chromium Upgraded to 116.0.5845.195: fixes CVE-2023-4863 a.k.a. CVE-2023-5129, Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University ...
Chromium: CVE-2023-4863 Heap buffer overflow in WebP
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2023-4863 exists in the wild...
Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild - Update Now
Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that...
graphics/webp heap buffer overflow
Google Chrome reports: Heap buffer overflow in WebP ... allowed a remote attacker to perform an out of bounds memory write...
Google Chrome < 117.0.5938.62 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 117.0.5938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the 202309stable-channel-update-for-desktop12 advisory. - Inappropriate implementation in Interstitials in Google Chrome prior to...
KLA60566 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A denial of...
Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 — Mozilla
Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129...