9138 matches found
CVE-2023-4908
CVE-2023-4908: In Google Chrome/Chromium, an inappropriate implementation in Picture-in-Picture allowed a remote attacker to spoof the security UI via a crafted HTML page. Affected versions are prior to 117.0.5938.62 (Chrome/Chromium). The issue is rated Low severity by the Chromium/Chrome ecosys...
CVE-2023-4909
CVE-2023-4909 describes an Inappropriate implementation in Interstitials in Google Chrome/Chromium prior to 117.0.5938.62 that allows a remote attacker to obfuscate the security UI via a crafted HTML page. The issue is documented across multiple sources (Chromium/Chrome advisories, Debian securit...
CVE-2023-4907
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...
CVE-2023-4905
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4903
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4901
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-4900
CVE-2023-4900 affects Google Chrome/Chromium family (Android Chrome prior to 117.0.5938.62) where an inappropriate implementation in Custom Tabs allows a remote attacker to obfuscate a permission prompt via a crafted HTML page. Connected advisories indicate this is one of multiple Chromium issues...
CVE-2023-4903
CVE-2023-4903 concerns Google Chrome on Android before 117.0.5938.62, where Inappropriate implementation in Custom Mobile Tabs allowed a remote attacker to spoof security UI via a crafted HTML page. The linked sources confirm this is a Chromium-derived issue affecting Chrome/Chromium and related ...
CVE-2023-4902
CVE-2023-4902 affects Google Chrome and Chromium. The issue is an inappropriate implementation in Input that lets a remote attacker spoof security UI via a crafted HTML page. Root cause: flawed handling in the Input module prior to version 117.0.5938.62. Impact: spoofed UI could mislead users; ex...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Input module. An attacker can exploit the vulnerability to bypass security restrictions...
Google Chrome security vulnerability
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an improper implementation of the Prompts module. An attacker can exploit the vulnerability to bypass security restrictions...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update includes 16 security fixes: 1479274 Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Toronto's Munk School on 2023-09-06. 1430867 Medium CVE-2023-4900:...
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
Impact: An issue was found in RKE2 where an attacker with network access to RKE2 servers' supervisor port (TCP 9345) can force the TLS server to add entries to the certificate's Subject Alternative Name (SAN) list, through a stuffing attack, until the certificate grows so large that it exceeds the...
MGASA-2023-0253 Updated openssl packages fix security vulnerability
AES-SIV implementation ignores empty associated data entries (CVE-2023-2975). Excessive time spent checking DH keys and parameters (CVE-2023-3446). Excessive time spent checking DH q parameter value (CVE-2023-3817)...
GHSA-3Q5P-3558-364F Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Impact: This vulnerability can be categorized as a security misconfiguration. It impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. In its...
Incorrect Control Flow Implementation
Electron is vulnerable to Incorrect Control Flow Implementation. The vulnerability is caused by not respecting a Content-Security-Policy (CSP) in renderers that have sandbox disabled (i.e. `sandbox:false`). This can result in usage of methods like `eval` and `new Function` unexpectedly which can result in ...
A vulnerability in Google gRPC's remote procedure call system stems from insufficient input validation and improper implementation of functions, allowing attackers to trigger service failures.
The vulnerability in Google gRPC process callouts is related to insufficient validation of input data and improper implementation of functions. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...