CVE-2023-2135

CVE-2023-2135 : Use-after-free in Chromium/Google Chrome DevTools prior to 112.0.5615.137 could allow a remote attacker to trigger heap corruption via a crafted HTML page after convincing a user to enable preconditions. Impact aligns with a high-severity heap corruption scenario. Affected product...

Google Chrome < 112.0.5615.137 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 112.0.5615.137. It is, therefore, affected by multiple vulnerabilities as referenced in the 202304stable-channel-update-for-desktop18 advisory. - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 112.0.5615.137, which stems from a confusion in the directive responsible for freeing memory in DevTools. An attacker could use this vulnerability to caus...

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.4.0.1), ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20) +35832 more potentially affected by CVE-2023-20861 via org.springframework:spring-expression (>=3.0.0.RELEASE <=5.2.22.RELEASE)

org.springframework:spring-expression MAVEN version =3.0.0.RELEASE, =4.4.0.0, =0.1.12, =0.1.6, =0.1.8, =0.1.6, =0.1.2, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =0.0.47, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.21 and more Source cves: CVE-2023-20861 Source advisory: OSV:GHSA-564R-HJ7V-MCR5...

German and South Korean Agencies Warn of Kimsuky's Expanding Cyber Attack Tactics

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes. The joint advisory comes from Germany's domestic intelligence apparatus, the Federal Office for the Protection of...

Google Chrome Security Update (stable-channel-update-for-desktop_21-2021-09) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0068-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0068-1 advisory. - Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a...

Chromium: CVE-2023-1216 Use after free in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2023-1235 Type Confusion in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

KLA48544 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Policy enforcement...

Google Chrome DevTools Component Type Mixing Vulnerability

Google Chrome is a web browser from Google, Inc. A type-mangling vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type-mangling issue in the DevTools component. A remote attacker could exploit this vulnerability to cause heap corruption via crafted UI...

Google Chrome DevTools Resource Management Error Vulnerability (CNVD-2023-17525)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a confusion in the DevTools component's instructions for freeing memory. A remote attacker could exploit the vulnerability to cause heap corruption v...

Denial Of Service (DoS)

Google Chrome is vulnerable to Denial Of Service DoS. The vulnerability exists due to the type confusion in DevTools, which allows an attacker to convince user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions, leading to an application crash...

Denial Of Service (DoS)

Google Chrome is vulnerable to Denial Of Service DoS. The vulnerability exists due to the type confusion in DevTools, which allows an attacker to convince user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page, leading to an application crash...

Same-Origin Policy Bypass

chromium is vulnerable to Same-Origin Policy Bypass. Insufficient policy enforcement in DevTools allows an attacker to bypass same origin policy and proxy settings via a crafted HTML page...

SUSE CVE-2023-1216

Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2023-1235

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. Chromium security severity: Low...

Google Chrome Security Updates (stable-channel-update-for-desktop-2023-03) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

chromium -- multiple vulnerabilities

Chrome Releases reports: This update includes 40 security fixes: 1411210 High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong@n3sk of Theori on 2023-01-30 1412487 High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03 1417176...

CVE-2023-1235

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. Chromium security severity: Low...