Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-1533 (GCVE-0-2023-1533)
Vulnerability from cvelistv5 – Published: 2023-03-21 20:50 – Updated: 2025-02-13 16:39
VLAI?
EPSS
Summary
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- Use after free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1422183"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-17"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chrome",
"vendor": "google",
"versions": [
{
"lessThan": "111.0.5563.110",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T14:23:44.751889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T14:25:33.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "111.0.5563.110",
"status": "affected",
"version": "111.0.5563.110",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:07:07.350Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"url": "https://crbug.com/1422183"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/"
},
{
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-1533",
"datePublished": "2023-03-21T20:50:56.386Z",
"dateReserved": "2023-03-21T00:43:37.065Z",
"dateUpdated": "2025-02-13T16:39:27.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-1533",
"date": "2026-05-20",
"epss": "0.00419",
"percentile": "0.62029"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"111.0.5563.110\", \"matchCriteriaId\": \"F71F8C2B-9C13-4A8B-B404-066DDFF45006\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}]",
"id": "CVE-2023-1533",
"lastModified": "2024-11-21T07:39:23.177",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-03-21T21:15:12.690",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1422183\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1422183\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-1533\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-03-21T21:15:12.690\",\"lastModified\":\"2024-11-21T07:39:23.177\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"111.0.5563.110\",\"matchCriteriaId\":\"F71F8C2B-9C13-4A8B-B404-066DDFF45006\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1422183\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-17\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1422183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1422183\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:49:11.656Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1533\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-10T14:23:44.751889Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"111.0.5563.110\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-10T14:25:11.830Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"111.0.5563.110\", \"lessThan\": \"111.0.5563.110\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\"}, {\"url\": \"https://crbug.com/1422183\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/\"}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Use after free\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2023-09-30T10:07:07.350Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-1533\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:39:27.493Z\", \"dateReserved\": \"2023-03-21T00:43:37.065Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-03-21T20:50:56.386Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0251
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 111.0.5563.110 (pour Mac ou Linux)",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 111.0.5563.110/.111 (pour Windows)",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1530"
},
{
"name": "CVE-2023-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1532"
},
{
"name": "CVE-2023-1533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1533"
},
{
"name": "CVE-2023-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1528"
},
{
"name": "CVE-2023-1534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1534"
},
{
"name": "CVE-2023-1529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1529"
},
{
"name": "CVE-2023-1531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1531"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0251",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 21 mars 2023",
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
}
]
}
CERTFR-2023-AVI-0262
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Edge | Microsoft Edge (Chromium-based) versions antérieures à 111.0.1661.54 | ||
| Microsoft | Windows | Windows Snipping Tool (Windows 11) versions antérieures à 11.2302.20.0 | ||
| Microsoft | Edge | Microsoft Edge (Chromium-based) Extended Stable versions antérieures à 110.0.1587.78 | ||
| Microsoft | Windows | Windows Snip and Sketch (Windows 10) versions antérieures à 10.2008.3001.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 111.0.1661.54",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Snipping Tool (Windows 11) versions ant\u00e9rieures \u00e0 11.2302.20.0",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Edge (Chromium-based) Extended Stable versions ant\u00e9rieures \u00e0 110.0.1587.78",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Snip and Sketch (Windows 10) versions ant\u00e9rieures \u00e0 10.2008.3001.0",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1530"
},
{
"name": "CVE-2023-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1532"
},
{
"name": "CVE-2023-1533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1533"
},
{
"name": "CVE-2023-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1528"
},
{
"name": "CVE-2023-28261",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28261"
},
{
"name": "CVE-2023-1534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1534"
},
{
"name": "CVE-2023-1529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1529"
},
{
"name": "CVE-2023-28286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28286"
},
{
"name": "CVE-2023-28303",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28303"
},
{
"name": "CVE-2023-1531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1531"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0262",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMicrosoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 24 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261"
}
]
}
CERTFR-2023-AVI-0251
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 111.0.5563.110 (pour Mac ou Linux)",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 111.0.5563.110/.111 (pour Windows)",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1530"
},
{
"name": "CVE-2023-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1532"
},
{
"name": "CVE-2023-1533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1533"
},
{
"name": "CVE-2023-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1528"
},
{
"name": "CVE-2023-1534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1534"
},
{
"name": "CVE-2023-1529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1529"
},
{
"name": "CVE-2023-1531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1531"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0251",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 21 mars 2023",
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
}
]
}
CERTFR-2023-AVI-0262
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Edge | Microsoft Edge (Chromium-based) versions antérieures à 111.0.1661.54 | ||
| Microsoft | Windows | Windows Snipping Tool (Windows 11) versions antérieures à 11.2302.20.0 | ||
| Microsoft | Edge | Microsoft Edge (Chromium-based) Extended Stable versions antérieures à 110.0.1587.78 | ||
| Microsoft | Windows | Windows Snip and Sketch (Windows 10) versions antérieures à 10.2008.3001.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge (Chromium-based) versions ant\u00e9rieures \u00e0 111.0.1661.54",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Snipping Tool (Windows 11) versions ant\u00e9rieures \u00e0 11.2302.20.0",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Edge (Chromium-based) Extended Stable versions ant\u00e9rieures \u00e0 110.0.1587.78",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Snip and Sketch (Windows 10) versions ant\u00e9rieures \u00e0 10.2008.3001.0",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1530",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1530"
},
{
"name": "CVE-2023-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1532"
},
{
"name": "CVE-2023-1533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1533"
},
{
"name": "CVE-2023-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1528"
},
{
"name": "CVE-2023-28261",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28261"
},
{
"name": "CVE-2023-1534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1534"
},
{
"name": "CVE-2023-1529",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1529"
},
{
"name": "CVE-2023-28286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28286"
},
{
"name": "CVE-2023-28303",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28303"
},
{
"name": "CVE-2023-1531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1531"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0262",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMicrosoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 24 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28261"
}
]
}
BDU:2023-01618
Vulnerability from fstec - Published: 21.03.2023
VLAI Severity ?
Title
Уязвимость компонента WebProtect браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Description
Уязвимость компонента WebProtect браузера Google Chrome связана с использованием памяти после ее освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или выполнить произвольный код с помощью специально созданной HTML-страницы
Severity ?
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Novell Inc., Google Inc, АО "НППКТ"
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, openSUSE Tumbleweed, Google Chrome, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 111.0.5563.110 (Google Chrome), до 2.8 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для Google Chrome:
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
Для OpenSUSE Tumbleweed:
https://www.suse.com/security/cve/CVE-2023-1533.html
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-1533
Для Astra Linux 1.6 «Смоленск»:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения chromium до версии 115.0.5790.98+repack-1~deb11u1.osnova1
Для ОС Astra Linux Special Edition для архитектуры ARM 4.7:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
Для Astra Linux 1.6 «Смоленск»:
обновить пакет chromium до 1:119.0.6045.199-0astragost0+ci202311302128+astra6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
Reference
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
https://safe-surf.ru/specialists/news/691111/
https://www.cybersecurity-help.cz/vdb/SB2023032402
https://crbug.com/1422183
https://www.suse.com/security/cve/CVE-2023-1533.html
https://security-tracker.debian.org/tracker/CVE-2023-1533
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 111.0.5563.110 (Google Chrome), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\n\n\u0414\u043b\u044f OpenSUSE Tumbleweed:\nhttps://www.suse.com/security/cve/CVE-2023-1533.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-1533\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 115.0.5790.98+repack-1~deb11u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM 4.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:119.0.6045.199-0astragost0+ci202311302128+astra6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.03.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01618",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-1533",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, openSUSE Tumbleweed, Google Chrome, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. openSUSE Tumbleweed - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 WebProtect \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 WebProtect \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html\nhttps://safe-surf.ru/specialists/news/691111/ \nhttps://www.cybersecurity-help.cz/vdb/SB2023032402\nhttps://crbug.com/1422183\nhttps://www.suse.com/security/cve/CVE-2023-1533.html\nhttps://security-tracker.debian.org/tracker/CVE-2023-1533\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CNVD-2023-65163
Vulnerability from cnvd - Published: 2023-08-29
VLAI Severity ?
Title
Google Chrome内存错误引用漏洞(CNVD-2023-65163)
Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome 111.0.5563.110之前版本存在内存错误引用漏洞,该漏洞源于WebProtect程序负责释放内存的指令发生混乱。攻击者可利用该漏洞通过精心设计的HTML页面潜在地利用堆损坏。
Severity
高
Patch Name
Google Chrome内存错误引用漏洞(CNVD-2023-65163)的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome 111.0.5563.110之前版本存在内存错误引用漏洞,该漏洞源于WebProtect程序负责释放内存的指令发生混乱。攻击者可利用该漏洞通过精心设计的HTML页面潜在地利用堆损坏。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-1533
Impacted products
| Name | Google Chrome <111.0.5563.110 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-1533",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-1533"
}
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome 111.0.5563.110\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWebProtect\u7a0b\u5e8f\u8d1f\u8d23\u91ca\u653e\u5185\u5b58\u7684\u6307\u4ee4\u53d1\u751f\u6df7\u4e71\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTML\u9875\u9762\u6f5c\u5728\u5730\u5229\u7528\u5806\u635f\u574f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-65163",
"openTime": "2023-08-29",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 111.0.5563.110\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eWebProtect\u7a0b\u5e8f\u8d1f\u8d23\u91ca\u653e\u5185\u5b58\u7684\u6307\u4ee4\u53d1\u751f\u6df7\u4e71\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684HTML\u9875\u9762\u6f5c\u5728\u5730\u5229\u7528\u5806\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2023-65163\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c111.0.5563.110"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2023-1533",
"serverity": "\u9ad8",
"submitTime": "2023-03-23",
"title": "Google Chrome\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2023-65163\uff09"
}
FKIE_CVE-2023-1533
Vulnerability from fkie_nvd - Published: 2023-03-21 21:15 - Updated: 2024-11-21 07:39
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F71F8C2B-9C13-4A8B-B404-066DDFF45006",
"versionEndExcluding": "111.0.5563.110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"id": "CVE-2023-1533",
"lastModified": "2024-11-21T07:39:23.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-03-21T21:15:12.690",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1422183"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1422183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-WPM2-8R6C-W3C6
Vulnerability from github – Published: 2023-03-21 21:30 – Updated: 2024-10-10 18:31
VLAI?
Details
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-1533"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-21T21:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-wpm2-8r6c-w3c6",
"modified": "2024-10-10T18:31:06Z",
"published": "2023-03-21T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1533"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1422183"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202309-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-1533
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-1533",
"id": "GSD-2023-1533"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-1533"
],
"details": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GSD-2023-1533",
"modified": "2023-12-13T01:20:41.487623Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2023-1533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "111.0.5563.110",
"version_value": "111.0.5563.110"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"name": "https://crbug.com/1422183",
"refsource": "MISC",
"url": "https://crbug.com/1422183"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/"
},
{
"name": "https://security.gentoo.org/glsa/202309-17",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "111.0.5563.110",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2023-1533"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1422183",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1422183"
},
{
"name": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/"
},
{
"name": "https://security.gentoo.org/glsa/202309-17",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-10-20T20:47Z",
"publishedDate": "2023-03-21T21:15Z"
}
}
}
OPENSUSE-SU-2023:0082-1
Vulnerability from csaf_opensuse - Published: 2023-03-27 11:03 - Updated: 2023-03-27 11:03Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium 111.0.5563.110 (boo#1209598)
* CVE-2023-1528: Use after free in Passwords
* CVE-2023-1529: Out of bounds memory access in WebHID
* CVE-2023-1530: Use after free in PDF
* CVE-2023-1531: Use after free in ANGLE
* CVE-2023-1532: Out of bounds read in GPU Video
* CVE-2023-1533: Use after free in WebProtect
* CVE-2023-1534: Out of bounds read in ANGLE
Patchnames: openSUSE-2023-82
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 111.0.5563.110 (boo#1209598)\n\n* CVE-2023-1528: Use after free in Passwords\n* CVE-2023-1529: Out of bounds memory access in WebHID\n* CVE-2023-1530: Use after free in PDF\n* CVE-2023-1531: Use after free in ANGLE\n* CVE-2023-1532: Out of bounds read in GPU Video\n* CVE-2023-1533: Use after free in WebProtect\n* CVE-2023-1534: Out of bounds read in ANGLE\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2023-82",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0082-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2023:0082-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2023:0082-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BXFHGWCXJ3GTZK2YAA76OHYE23SKK6XY/"
},
{
"category": "self",
"summary": "SUSE Bug 1209598",
"url": "https://bugzilla.suse.com/1209598"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1528 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1529 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1532 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1533 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1534 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1534/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2023-03-27T11:03:36Z",
"generator": {
"date": "2023-03-27T11:03:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2023:0082-1",
"initial_release_date": "2023-03-27T11:03:36Z",
"revision_history": [
{
"date": "2023-03-27T11:03:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"product": {
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"product_id": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"product": {
"name": "chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"product_id": "chromium-111.0.5563.110-bp154.2.76.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"product": {
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"product_id": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"product": {
"name": "chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"product_id": "chromium-111.0.5563.110-bp154.2.76.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP4",
"product": {
"name": "SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64"
},
"product_reference": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64"
},
"product_reference": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-111.0.5563.110-bp154.2.76.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64"
},
"product_reference": "chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-111.0.5563.110-bp154.2.76.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
},
"product_reference": "chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64"
},
"product_reference": "chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64"
},
"product_reference": "chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-111.0.5563.110-bp154.2.76.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64"
},
"product_reference": "chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-111.0.5563.110-bp154.2.76.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
},
"product_reference": "chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-1528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1528"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1528",
"url": "https://www.suse.com/security/cve/CVE-2023-1528"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1528",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1528"
},
{
"cve": "CVE-2023-1529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1529"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1529",
"url": "https://www.suse.com/security/cve/CVE-2023-1529"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1529",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1529"
},
{
"cve": "CVE-2023-1530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1530"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1530",
"url": "https://www.suse.com/security/cve/CVE-2023-1530"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1530",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1530"
},
{
"cve": "CVE-2023-1531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1531"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1531",
"url": "https://www.suse.com/security/cve/CVE-2023-1531"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1531",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1531"
},
{
"cve": "CVE-2023-1532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1532"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1532",
"url": "https://www.suse.com/security/cve/CVE-2023-1532"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1532",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1532"
},
{
"cve": "CVE-2023-1533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1533"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1533",
"url": "https://www.suse.com/security/cve/CVE-2023-1533"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1533",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1533"
},
{
"cve": "CVE-2023-1534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1534"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1534",
"url": "https://www.suse.com/security/cve/CVE-2023-1534"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1534",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromedriver-111.0.5563.110-bp154.2.76.1.x86_64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.aarch64",
"openSUSE Leap 15.4:chromium-111.0.5563.110-bp154.2.76.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-27T11:03:36Z",
"details": "critical"
}
],
"title": "CVE-2023-1534"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…