45 matches found
Astra Linux - vulnerability in chromium
Use after free in the Side Panel in Google Chrome before version 119.0.6045.105 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - vulnerability in chromium
Use after free in the Side Panel Search in Google Chrome before version 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through those interactions. Chromium security severity: High...
GHSA-7G95-JMG9-H524 Jenkins cross-site request forgery (CSRF) vulnerability
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not require POST requests for the HTTP endpoint toggling collapsed/expanded status of sidepanel widgets (e.g., Build Queue and Build Executor Status widgets), resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability...
ROS-20240329-07
A vulnerability in the Picture-in-Picture (PiP) technology of the Google Chrome browser is related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct spoofing attack...
ROS-20240328-15
A vulnerability in the Web Browser UI of Google Chrome and Microsoft Edge browsers is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...
openSUSE Security Advisory (openSUSE-SU-2024:0020-1)
The remote host is missing an update for the...
GLSA-202402-14 : QtWebEngine: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202402-14 QtWebEngine: Multiple Vulnerabilities - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium...
Stable Channel Update for ChromeOS / ChromeOS Flex
Hello All, The Stable channel is being updated to 120.0.6099.203 (Platform version: 15662.64.0) for most ChromeOS devices and will be rolled out over the next few days. If you find new issues, please let us know one of the following ways: File a bug Visit our Chrome OS communities General: Chromebo...
MGASA-2023-0355 New chromium-browser-stable 120.0.6099.129 fixes bugs and vulnerabilities
The chromium-browser-stable package has been updated to the 120.0.6099.129 release, fixing bugs and 20 vulnerabilities, together with 120.0.6099.109, 120.0.6099.71 and 120.0.6099.62; some of them are listed below. High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy...
FreeBSD : chromium -- multiple security fixes (4405e9ad-97fe-11ee-86bb-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4405e9ad-97fe-11ee-86bb-a8a1599412c6 advisory. - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote...
The vulnerability of the Search control function for the “Side Panel” in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of the “Side Panel” control element search function in Google Chrome and Microsoft Edge browsers is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Use After Free
Chromium is vulnerable to Use After Free. The vulnerability is due to improper memory management in Side Panel Search in Google Chrome. This allows an attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction...
Debian DSA-5573-1 : chromium - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5573 advisory. Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the...
Chromium: CVE-2023-6509 Use after free in Side Panel Search
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome Security Update (stable-channel-update-for-desktop-2023-12) - Linux
Google Chrome is prone to multiple vulnerabilities...
Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618) - Microsoft Edge...
CVE-2023-6509
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. Chromium security severity: High...
DEBIAN-CVE-2023-6509
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. Chromium security severity: High...
Design/Logic Flaw
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. Chromium security severity: High...
CVE-2023-6509
CVE-2023-6509 describes a Use-After-Free vulnerability in Chrome/Chromium's Side Panel Search, where handling of specific UI interactions could lead to heap corruption. Affected product: Google Chrome/Chromium browsers (Chromium-based). Root cause: use-after-free in the Side Panel Search componen...