CVE-2023-45593

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “ http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...

[SECURITY] Fedora 43 Update: cef-141.0.11^chromium141.0.7390.122-1.fc43

CEF is an embeddable build of Chromium, powered by WebKit Blink...

AMD Adrenalin Driver Embedded Chromium Browser

Affected Products and Mitigation AMD recommends users concerned about potential vulnerabilities in Chromium keep the web browser setting disabled until mitigations have been released. AMD is planning to release updates for AMD Software: Adrenalin Edition which will include a newer version of...

CVE-2023-45593

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser concerning the handling of alternative URLs, other than “ http://localhost” allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and...

CVE-2023-45592

A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...

CVE-2023-45594

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This...

Xxe

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This...

CVE-2023-45594

CVE-2023-45594 affects AiLux imx6 bundle earlier than imx6_1.0.7-2. The root cause is a CWE-552 vulnerability in the embedded Chromium browser that could allow a physical attacker to arbitrarily download or upload files to the device’s filesystem, with impacts on confidentiality, integrity, and a...

CVE-2023-45593

The CVE-2023-45593 entry describes a CWE-184 vulnerability in the embedded Chromium browser used by AiLux imx6 bundles. The issue arises from improper handling of alternative URLs (any URL other than http://localhost), allowing a physical attacker to read arbitrary files, alter browser configurat...

PT-2024-13257 · Google · Chromium

Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A vulnerability in the embedded Chromium browser, concerning the handling of alternative URLs other than "http://localhost", allows a physical attacker to read arbitrary files on t...

CVE-2021-22142

Kibana contains an embedded version of the Chromium browser that the Reporting feature uses to generate the downloadable reports. If a user with permissions to generate reports is able to render arbitrary HTML with this browser, they may be able to leverage known Chromium vulnerabilities to condu...

多款Siemens产品安全漏洞

Siemens Desigo PX is a building automation control system from Siemens, Germany. A security vulnerability exists in a number of Siemens products that stems from the device's embedded Chromium-based browser being launched as root with the "--no-sandbox" option. An attacker could add arbitrary...

Elastic Kibana 安全特征问题漏洞

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security feature issue vulnerability exists in Elastic Kibana, which stems from an embedded version...