9138 matches found

Tenable Nessus
added 2023/08/08 12:0 a.m. (36 views)

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0216-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0216-1 advisory. - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...

CVSS 8.8, AI score 8.7, EPSS 0.24116
Exploits: 0, References: 24

Veracode
added 2023/08/07 10:2 a.m. (11 views)

HTTP Request Smuggling

protocol-http1 is vulnerable to HTTP Request Smuggling. The vulnerability exists in the read function of chunked.rb due to improper HTTP/1 implementation based on the RFC spec, such as allowing Content-Length header values with a + or 0x prefix, which can lead to HTTP request smuggling and firewa...

CVSS 5.8, AI score 6.8, EPSS 0.00637
Exploits: 0, References: 5, Affected Software: 1

Veracode
added 2023/08/07 2:8 a.m. (33 views)

Authorization Bypass

chromium is vulnerable to Authorization Bypass. The vulnerability exists due to the inappropriate implementation in the prompts in the library, which allows an attacker to bypass permission restrictions via a crafted HTML page...

CVSS 4.3, AI score 6.4, EPSS 0.00819
Exploits: 0, References: 8, Affected Software: 1

Code423n4
added 2023/08/07 12:0 a.m. (11 views)

_computeAvailable() the calculations are wrong

Lines of code Vulnerability details Impact computeAvailable incorrect calculations that result in a return value greater than the current balance, causing methods such as liquidate to fail Proof of Concept VaultBooster.computeAvailable used to count the number of tokens currently available There...

AI score 6.9
Exploits: 0

Code423n4
added 2023/08/07 12:0 a.m. (10 views)

VaultBoosterFactory allows deployment of VaultBooster with phoney PrizePool

Lines of code Vulnerability details Impact A malicious VaultBooster can be deployed via VaultBoosterFactory contract. Users may lose funds while interacting with such VaultBooster. File: src/VaultBoosterFactory.sol function createVaultBoosterPrizePool prizePool, address vault, address owner...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2023/08/07 12:0 a.m. (53 views)

Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory. - Microsoft Edge Chromium-based Security Feature Bypass Vulnerability CVE-2023-38157...

CVSS 8.8, AI score 7.8, EPSS 0.24116
Exploits: 0, References: 25

CVE
added 2023/08/04 7:13 p.m. (106 views)

CVE-2022-4955

CVE-2022-4955 concerns Google Chrome before 108.0.5359.71, where an improper DevTools implementation could allow a user who installs a crafted extension via a malicious HTML page to bypass file access restrictions. The vulnerability stems from DevTools behavior and enables an attacker to exploit ...

CVSS 6.5, AI score 6.1, EPSS 0.00296
Exploits: 1, References: 2, Affected Software: 1

Tenable Nessus
added 2023/08/04 12:0 a.m. (32 views)

FreeBSD : chromium -- multiple vulnerabilities (6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5 advisory. - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to...

CVSS 8.8, AI score 8.7, EPSS 0.24116
Exploits: 0, References: 13

Code423n4
added 2023/08/04 12:0 a.m. (8 views)

Incorrect implementation of solvent() modifier

Lines of code Vulnerability details Impact In Market.sol, solvent modifier is given as below, modifier solventaddress from updateExchangeRate; accrue; ; requireisSolventfrom, exchangeRate, "Market: insolvent"; Here the modifier has used the accrue directly, however while the functions being used ...

AI score 7
Exploits: 0

NVD
added 2023/08/03 1:15 a.m. (28 views)

CVE-2023-4078

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 8.8, AI score 7.9, EPSS 0.00923
Exploits: 0, References: 7

Prion
added 2023/08/03 1:15 a.m. (16 views)

Design/Logic Flaw

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 6.8, AI score 7.7, EPSS 0.00923
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2023/08/02 1:15 p.m. (26 views)

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

CVSS 7.5, AI score 7.5, EPSS 0.00995
Exploits: 0, References: 4

Prion
added 2023/08/02 1:15 p.m. (20 views)

Authorization

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

CVSS 5, AI score 7.5, EPSS 0.00995
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2023/08/02 12:23 p.m. (23 views)

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

CVSS 7.5, AI score 7.7, EPSS 0.00995
Exploits: 0, References: 4

Tenable Nessus
added 2023/08/02 12:0 a.m. (82 views)

Google Chrome < 115.0.5790.170 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 115.0.5790.170. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop advisory. - Inappropriate implementation in Extensions in Google Chrome prior to...

CVSS 8.8, AI score 8.7, EPSS 0.24116
Exploits: 0, References: 23

Tenable Nessus
added 2023/08/02 12:0 a.m. (67 views)

Google Chrome < 115.0.5790.170 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 115.0.5790.170. It is, therefore, affected by multiple vulnerabilities as referenced in the 202308stable-channel-update-for-desktop advisory. - Inappropriate implementation in Extensions in Google Chrome prior to...

CVSS 8.8, AI score 8.7, EPSS 0.24116
Exploits: 0, References: 23

GoogleProjectZero
added 2023/08/02 12:0 a.m. (29 views)

MTE As Implemented, Part 2: Mitigation Case Studies

By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...

AI score 7.3
Exploits: 0

GoogleProjectZero
added 2023/08/02 12:0 a.m. (19 views)

MTE As Implemented, Part 1: Implementation Testing

By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing thi...

AI score 7.1
Exploits: 0

GoogleProjectZero
added 2023/08/02 12:0 a.m. (30 views)

MTE As Implemented, Part 3: The Kernel

By Mark Brand, Project Zero. Background: In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...

AI score 6.8
Exploits: 0

OSV
added 2023/08/01 11:15 p.m. (19 views)

CVE-2023-3737

Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3, AI score 5
Exploits: 0, References: 4