CVE-2023-5484
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-5484
The CVE-2023-5484 entry concerns Chrome/Chromium where an inappropriate implementation in the Navigation UI allows a remote attacker to spoof security UI via a crafted HTML page. Affected product: Google Chrome/Chromium browser. Root cause: navigation handling in Chromium before 118.0.5993.70 per...
CVE-2023-5481
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-5487
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5487
CVE-2023-5487 affects Google Chrome/Chromium’s Fullscreen implementation prior to 118.0.5993.70. An attacker could exploit a crafted Chrome Extension to bypass navigation restrictions by convincing a user to install the malicious extension. Severity is Medium; impact involves bypassing navigation...
CVE-2023-5485
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. Chromium security severity: Low...
no sufficient tokens check for transferFrom() in _reimburse(), createProxyDelegatorAndTransfer() and transferBetweenDelegators()
Lines of code. Vulnerability details. Impact: there is no sufficient tokens check in reimburse, createProxyDelegatorAndTransfer and transferBetweenDelegators for transferFrom which can lead to unexpected results. Proof of Concept: from the OZ's ERC1155.sol: from must have a balance of tokens of type ...
CVE-2023-5477
Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. Chromium security severity: Low...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from an improper implementation in the Extensions API module...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from an improper implementation in the Downloads module...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from an improper implementation in the Fullscreen module...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 20 security fixes: 1487110 Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27 1062251 Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17 1414936 Medium...
Google Chrome Security Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that originates from an improper implementation in the Navigation module...
Mageia: Security Advisory (MGASA-2023-0283)
The remote host is missing an update for the ...
Stable Channel Update for Desktop
The Stable channel has been updated to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. The Extended Stable channel has been updated to 118.0.5993.71 for Windows and...
Improper Provisioning
libzephyr.so is vulnerable to Improper Provisioning. The vulnerability arises from an insecure implementation of the provisionee in the provpubkey function of provdevice.c within the Bluetooth component. If the provisionee has a public key sent out-of-band (OOB), it can be sent back during...
[SECURITY] Fedora 38 Update: libspf2-1.2.11-11.20210922git4915c308.fc38
libspf2 is an implementation of the SPF (Sender Policy Framework) specification as found at: http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt SPF allows email systems to check SPF DNS records and make sure that an email is authorized by the administrator of the domain name that it is...
[SECURITY] Fedora 37 Update: libspf2-1.2.11-11.20210922git4915c308.fc37
libspf2 is an implementation of the SPF (Sender Policy Framework) specification as found at: http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt SPF allows email systems to check SPF DNS records and make sure that an email is authorized by the administrator of the domain name that it is...
[SECURITY] Fedora 38 Update: matrix-synapse-1.93.0-2.fc38
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...