Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-2459 (GCVE-0-2023-2459)
Vulnerability from cvelistv5 – Published: 2023-05-02 23:47 – Updated: 2025-02-13 16:44
VLAI?
EPSS
Summary
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- Inappropriate implementation
Assigner
References
7 references
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:08.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1423304"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5398"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T16:19:06.553260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T16:19:17.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "113.0.5672.63",
"status": "affected",
"version": "113.0.5672.63",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-30T10:07:42.865Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1423304"
},
{
"url": "https://www.debian.org/security/2023/dsa-5398"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/"
},
{
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-2459",
"datePublished": "2023-05-02T23:47:57.424Z",
"dateReserved": "2023-05-01T23:09:49.131Z",
"dateUpdated": "2025-02-13T16:44:20.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-2459",
"date": "2026-05-20",
"epss": "0.00019",
"percentile": "0.05382"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"113.0.5672.63\", \"matchCriteriaId\": \"596181BB-BA6F-479A-8F13-D5D97774B779\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)\"}]",
"id": "CVE-2023-2459",
"lastModified": "2024-11-21T07:58:39.497",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2023-05-03T00:15:08.803",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://crbug.com/1423304\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5398\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://crbug.com/1423304\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5398\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-2459\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-05-03T00:15:08.803\",\"lastModified\":\"2024-11-21T07:58:39.497\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"113.0.5672.63\",\"matchCriteriaId\":\"596181BB-BA6F-479A-8F13-D5D97774B779\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://crbug.com/1423304\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-17\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5398\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://crbug.com/1423304\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202309-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5398\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1423304\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5398\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T06:26:08.878Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-2459\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-07T16:19:06.553260Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-07T16:19:13.497Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"113.0.5672.63\", \"lessThan\": \"113.0.5672.63\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\"}, {\"url\": \"https://crbug.com/1423304\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5398\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/\"}, {\"url\": \"https://security.gentoo.org/glsa/202309-17\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Inappropriate implementation\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2023-05-02T23:47:57.424Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-2459\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-07T16:19:17.774Z\", \"dateReserved\": \"2023-05-01T23:09:49.131Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-05-02T23:47:57.424Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2023-AVI-0350
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome versions ant\u00e9rieures \u00e0 113.0.5672.63/.64 sur Windows",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 113.0.5672.63 sur Linux et Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2468"
},
{
"name": "CVE-2023-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2466"
},
{
"name": "CVE-2023-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2463"
},
{
"name": "CVE-2023-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2465"
},
{
"name": "CVE-2023-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2467"
},
{
"name": "CVE-2023-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2459"
},
{
"name": "CVE-2023-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2460"
},
{
"name": "CVE-2023-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2462"
},
{
"name": "CVE-2023-2461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2461"
},
{
"name": "CVE-2023-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2464"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0350",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 02 mai 2023",
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
}
]
}
CERTFR-2023-AVI-0364
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge Extended Stable versions ant\u00e9rieures \u00e0 112.0.1722.71",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Edge Stable versions ant\u00e9rieures \u00e0 113.0.1774.35",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2468"
},
{
"name": "CVE-2023-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2466"
},
{
"name": "CVE-2023-29354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29354"
},
{
"name": "CVE-2023-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2463"
},
{
"name": "CVE-2023-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2465"
},
{
"name": "CVE-2023-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2467"
},
{
"name": "CVE-2023-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2459"
},
{
"name": "CVE-2023-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2460"
},
{
"name": "CVE-2023-29350",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29350"
},
{
"name": "CVE-2023-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2462"
},
{
"name": "CVE-2023-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2464"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0364",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2462 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2459 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2464 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2467 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2465 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2466 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29350 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2460 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2468 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2463 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463"
}
]
}
CERTFR-2023-AVI-0350
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome versions ant\u00e9rieures \u00e0 113.0.5672.63/.64 sur Windows",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 113.0.5672.63 sur Linux et Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2468"
},
{
"name": "CVE-2023-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2466"
},
{
"name": "CVE-2023-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2463"
},
{
"name": "CVE-2023-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2465"
},
{
"name": "CVE-2023-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2467"
},
{
"name": "CVE-2023-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2459"
},
{
"name": "CVE-2023-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2460"
},
{
"name": "CVE-2023-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2462"
},
{
"name": "CVE-2023-2461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2461"
},
{
"name": "CVE-2023-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2464"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0350",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 02 mai 2023",
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
}
]
}
CERTFR-2023-AVI-0364
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge Extended Stable versions ant\u00e9rieures \u00e0 112.0.1722.71",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Edge Stable versions ant\u00e9rieures \u00e0 113.0.1774.35",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2468",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2468"
},
{
"name": "CVE-2023-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2466"
},
{
"name": "CVE-2023-29354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29354"
},
{
"name": "CVE-2023-2463",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2463"
},
{
"name": "CVE-2023-2465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2465"
},
{
"name": "CVE-2023-2467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2467"
},
{
"name": "CVE-2023-2459",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2459"
},
{
"name": "CVE-2023-2460",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2460"
},
{
"name": "CVE-2023-29350",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29350"
},
{
"name": "CVE-2023-2462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2462"
},
{
"name": "CVE-2023-2464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2464"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0364",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2462 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2462"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2459 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2459"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2464 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2464"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2467 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2467"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2465 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2465"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2466 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2466"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29350 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29350"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2460 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2460"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2468 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2468"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-2463 du 05 mai 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2463"
}
]
}
BDU:2023-02389
Vulnerability from fstec - Published: 02.05.2023
VLAI Severity ?
Title
Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности
Description
Уязвимость компонента Prompts браузера Google Chrome связана с некорректно реализованной проверкой безопасности для стандартных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти ограничения безопасности с помощью специально созданной HTML-страницы
Severity ?
Vendor
ООО «РусБИТех-Астра», Google Inc, АО "НППКТ"
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Google Chrome, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 113.0.5672.63 (Google Chrome), до 2.8 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
Для Astra Linux 1.6 «Смоленск»:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения chromium до версии 115.0.5790.98+repack-1~deb11u1.osnova1
Для ОС Astra Linux Special Edition для архитектуры ARM 4.7:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
Для Astra Linux 1.6 «Смоленск»:
обновить пакет chromium до 1:119.0.6045.199-0astragost0+ci202311302128+astra6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
Reference
https://www.cybersecurity-help.cz/vdb/SB2023050250
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
https://crbug.com/1423304
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
CWE
CWE-358
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO237, TO238, TO268, TO269",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO237 \u041f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Microsoft Edge \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (\u0441\u0431\u043e\u0440\u043a\u0430 113.0.1774.35), TO238 \u041f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Microsoft Edge (Web View 2 Runtime \u0432\u0435\u0440\u0441\u0438\u0438 113 Update) \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (\u0441\u0431\u043e\u0440\u043a\u0430 113.0.1774.35), TO268 \u041f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Microsoft Edge, TO269 \u041f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f Microsoft Edge",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 113.0.5672.63 (Google Chrome), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 115.0.5790.98+repack-1~deb11u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM 4.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:119.0.6045.199-0astragost0+ci202311302128+astra6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.05.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.05.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02389",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-2459",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Google Chrome, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Prompts \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-358)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Prompts \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB2023050250\nhttps://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html\nhttps://crbug.com/1423304\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20230525SE16MD\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0630SE17MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0907SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-358",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
FKIE_CVE-2023-2459
Vulnerability from fkie_nvd - Published: 2023-05-03 00:15 - Updated: 2024-11-21 07:58
Severity ?
Summary
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 36 | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "596181BB-BA6F-479A-8F13-D5D97774B779",
"versionEndExcluding": "113.0.5672.63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"id": "CVE-2023-2459",
"lastModified": "2024-11-21T07:58:39.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-03T00:15:08.803",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://crbug.com/1423304"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://crbug.com/1423304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5398"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F7Q6-9J7X-VRPP
Vulnerability from github – Published: 2023-05-03 00:30 – Updated: 2024-04-04 03:46
VLAI?
Details
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-2459"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-03T00:15:08Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GHSA-f7q6-9j7x-vrpp",
"modified": "2024-04-04T03:46:55Z",
"published": "2023-05-03T00:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2459"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1423304"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202309-17"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5398"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2023-2459
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-2459",
"id": "GSD-2023-2459"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-2459"
],
"details": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"id": "GSD-2023-2459",
"modified": "2023-12-13T01:20:32.275011Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2023-2459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "113.0.5672.63",
"version_value": "113.0.5672.63"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/1423304",
"refsource": "MISC",
"url": "https://crbug.com/1423304"
},
{
"name": "https://www.debian.org/security/2023/dsa-5398",
"refsource": "MISC",
"url": "https://www.debian.org/security/2023/dsa-5398"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/"
},
{
"name": "https://security.gentoo.org/glsa/202309-17",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "113.0.5672.63",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2023-2459"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/1423304",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://crbug.com/1423304"
},
{
"name": "https://www.debian.org/security/2023/dsa-5398",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5398"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
"refsource": "MISC",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/"
},
{
"name": "https://security.gentoo.org/glsa/202309-17",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202309-17"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-10-20T20:54Z",
"publishedDate": "2023-05-03T00:15Z"
}
}
}
OPENSUSE-SU-2023:0117-1
Vulnerability from csaf_opensuse - Published: 2023-05-31 14:40 - Updated: 2023-05-31 14:40Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
- build with llvm15 on Leap
- Chromium 113.0.5672.126 (boo#1211442):
* CVE-2023-2721: Use after free in Navigation
* CVE-2023-2722: Use after free in Autofill UI
* CVE-2023-2723: Use after free in DevTools
* CVE-2023-2724: Type Confusion in V8
* CVE-2023-2725: Use after free in Guest View
* CVE-2023-2726: Inappropriate implementation in WebApp Installs
* Various fixes from internal audits, fuzzing and other initiatives
- Chromium 113.0.5672.92 (boo#1211211)
- Multiple security fixes (boo#1211036):
* CVE-2023-2459: Inappropriate implementation in Prompts
* CVE-2023-2460: Insufficient validation of untrusted input in Extensions
* CVE-2023-2461: Use after free in OS Inputs
* CVE-2023-2462: Inappropriate implementation in Prompts
* CVE-2023-2463: Inappropriate implementation in Full Screen Mode
* CVE-2023-2464: Inappropriate implementation in PictureInPicture
* CVE-2023-2465: Inappropriate implementation in CORS
* CVE-2023-2466: Inappropriate implementation in Prompts
* CVE-2023-2467: Inappropriate implementation in Prompts
* CVE-2023-2468: Inappropriate implementation in PictureInPicture
Patchnames: openSUSE-2023-117
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
55 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\n- build with llvm15 on Leap\n\n- Chromium 113.0.5672.126 (boo#1211442):\n * CVE-2023-2721: Use after free in Navigation\n * CVE-2023-2722: Use after free in Autofill UI\n * CVE-2023-2723: Use after free in DevTools\n * CVE-2023-2724: Type Confusion in V8\n * CVE-2023-2725: Use after free in Guest View\n * CVE-2023-2726: Inappropriate implementation in WebApp Installs\n * Various fixes from internal audits, fuzzing and other initiatives\n\n- Chromium 113.0.5672.92 (boo#1211211)\n- Multiple security fixes (boo#1211036):\n * CVE-2023-2459: Inappropriate implementation in Prompts\n * CVE-2023-2460: Insufficient validation of untrusted input in Extensions\n * CVE-2023-2461: Use after free in OS Inputs\n * CVE-2023-2462: Inappropriate implementation in Prompts\n * CVE-2023-2463: Inappropriate implementation in Full Screen Mode\n * CVE-2023-2464: Inappropriate implementation in PictureInPicture\n * CVE-2023-2465: Inappropriate implementation in CORS\n * CVE-2023-2466: Inappropriate implementation in Prompts\n * CVE-2023-2467: Inappropriate implementation in Prompts\n * CVE-2023-2468: Inappropriate implementation in PictureInPicture\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2023-117",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0117-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2023:0117-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7WSJFJTBCMXOOKGPURTAJETTJFNN6NP/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2023:0117-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O7WSJFJTBCMXOOKGPURTAJETTJFNN6NP/"
},
{
"category": "self",
"summary": "SUSE Bug 1211036",
"url": "https://bugzilla.suse.com/1211036"
},
{
"category": "self",
"summary": "SUSE Bug 1211211",
"url": "https://bugzilla.suse.com/1211211"
},
{
"category": "self",
"summary": "SUSE Bug 1211442",
"url": "https://bugzilla.suse.com/1211442"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2459 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2460 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2461 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2462 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2463 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2464 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2465 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2466 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2467 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2723 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2724 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2726/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2023-05-31T14:40:39Z",
"generator": {
"date": "2023-05-31T14:40:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2023:0117-1",
"initial_release_date": "2023-05-31T14:40:39Z",
"revision_history": [
{
"date": "2023-05-31T14:40:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"product": {
"name": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"product_id": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"product": {
"name": "chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"product_id": "chromium-113.0.5672.126-bp154.2.87.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP4",
"product": {
"name": "SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64"
},
"product_reference": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-113.0.5672.126-bp154.2.87.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
},
"product_reference": "chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64"
},
"product_reference": "chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-113.0.5672.126-bp154.2.87.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
},
"product_reference": "chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2459"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2459",
"url": "https://www.suse.com/security/cve/CVE-2023-2459"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2459",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2459"
},
{
"cve": "CVE-2023-2460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2460"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2460",
"url": "https://www.suse.com/security/cve/CVE-2023-2460"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2460",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2460"
},
{
"cve": "CVE-2023-2461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2461"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2461",
"url": "https://www.suse.com/security/cve/CVE-2023-2461"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2461",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2461"
},
{
"cve": "CVE-2023-2462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2462"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2462",
"url": "https://www.suse.com/security/cve/CVE-2023-2462"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2462",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2462"
},
{
"cve": "CVE-2023-2463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2463"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2463",
"url": "https://www.suse.com/security/cve/CVE-2023-2463"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2463",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2463"
},
{
"cve": "CVE-2023-2464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2464"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2464",
"url": "https://www.suse.com/security/cve/CVE-2023-2464"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2464",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2464"
},
{
"cve": "CVE-2023-2465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2465"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2465",
"url": "https://www.suse.com/security/cve/CVE-2023-2465"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2465",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2465"
},
{
"cve": "CVE-2023-2466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2466"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2466",
"url": "https://www.suse.com/security/cve/CVE-2023-2466"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2466",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2466"
},
{
"cve": "CVE-2023-2467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2467"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2467",
"url": "https://www.suse.com/security/cve/CVE-2023-2467"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2467",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2467"
},
{
"cve": "CVE-2023-2468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2468"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2468",
"url": "https://www.suse.com/security/cve/CVE-2023-2468"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2468",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2468"
},
{
"cve": "CVE-2023-2721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2721"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2721",
"url": "https://www.suse.com/security/cve/CVE-2023-2721"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2721",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2721"
},
{
"cve": "CVE-2023-2722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2722"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2722",
"url": "https://www.suse.com/security/cve/CVE-2023-2722"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2722",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2722"
},
{
"cve": "CVE-2023-2723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2723"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2723",
"url": "https://www.suse.com/security/cve/CVE-2023-2723"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2723",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2723"
},
{
"cve": "CVE-2023-2724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2724"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2724",
"url": "https://www.suse.com/security/cve/CVE-2023-2724"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2724",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2724"
},
{
"cve": "CVE-2023-2725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2725"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2725",
"url": "https://www.suse.com/security/cve/CVE-2023-2725"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2725",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2725"
},
{
"cve": "CVE-2023-2726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2726"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2726",
"url": "https://www.suse.com/security/cve/CVE-2023-2726"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2726",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromedriver-113.0.5672.126-bp154.2.87.1.x86_64",
"openSUSE Leap 15.4:chromium-113.0.5672.126-bp154.2.87.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-31T14:40:39Z",
"details": "important"
}
],
"title": "CVE-2023-2726"
}
]
}
OPENSUSE-SU-2024:12922-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
chromedriver-113.0.5672.92-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: chromedriver-113.0.5672.92-1.1 on GA media
Description of the patch: These are all security issues fixed in the chromedriver-113.0.5672.92-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12922
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chromedriver-113.0.5672.92-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chromedriver-113.0.5672.92-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12922",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12922-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2459 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2460 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2460/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2461 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2461/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2462 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2463 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2463/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2464 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2465 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2466 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2466/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2467 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2467/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2468 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2468/"
}
],
"title": "chromedriver-113.0.5672.92-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12922-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-113.0.5672.92-1.1.aarch64",
"product": {
"name": "chromedriver-113.0.5672.92-1.1.aarch64",
"product_id": "chromedriver-113.0.5672.92-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-113.0.5672.92-1.1.aarch64",
"product": {
"name": "chromium-113.0.5672.92-1.1.aarch64",
"product_id": "chromium-113.0.5672.92-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-113.0.5672.92-1.1.ppc64le",
"product": {
"name": "chromedriver-113.0.5672.92-1.1.ppc64le",
"product_id": "chromedriver-113.0.5672.92-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-113.0.5672.92-1.1.ppc64le",
"product": {
"name": "chromium-113.0.5672.92-1.1.ppc64le",
"product_id": "chromium-113.0.5672.92-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-113.0.5672.92-1.1.s390x",
"product": {
"name": "chromedriver-113.0.5672.92-1.1.s390x",
"product_id": "chromedriver-113.0.5672.92-1.1.s390x"
}
},
{
"category": "product_version",
"name": "chromium-113.0.5672.92-1.1.s390x",
"product": {
"name": "chromium-113.0.5672.92-1.1.s390x",
"product_id": "chromium-113.0.5672.92-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-113.0.5672.92-1.1.x86_64",
"product": {
"name": "chromedriver-113.0.5672.92-1.1.x86_64",
"product_id": "chromedriver-113.0.5672.92-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-113.0.5672.92-1.1.x86_64",
"product": {
"name": "chromium-113.0.5672.92-1.1.x86_64",
"product_id": "chromium-113.0.5672.92-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-113.0.5672.92-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64"
},
"product_reference": "chromedriver-113.0.5672.92-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-113.0.5672.92-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le"
},
"product_reference": "chromedriver-113.0.5672.92-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-113.0.5672.92-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x"
},
"product_reference": "chromedriver-113.0.5672.92-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-113.0.5672.92-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64"
},
"product_reference": "chromedriver-113.0.5672.92-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-113.0.5672.92-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64"
},
"product_reference": "chromium-113.0.5672.92-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-113.0.5672.92-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le"
},
"product_reference": "chromium-113.0.5672.92-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-113.0.5672.92-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x"
},
"product_reference": "chromium-113.0.5672.92-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-113.0.5672.92-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
},
"product_reference": "chromium-113.0.5672.92-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-2459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2459"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2459",
"url": "https://www.suse.com/security/cve/CVE-2023-2459"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2459",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2459"
},
{
"cve": "CVE-2023-2460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2460"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2460",
"url": "https://www.suse.com/security/cve/CVE-2023-2460"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2460",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2460"
},
{
"cve": "CVE-2023-2461",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2461"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2461",
"url": "https://www.suse.com/security/cve/CVE-2023-2461"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2461",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2461"
},
{
"cve": "CVE-2023-2462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2462"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2462",
"url": "https://www.suse.com/security/cve/CVE-2023-2462"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2462",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2462"
},
{
"cve": "CVE-2023-2463",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2463"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2463",
"url": "https://www.suse.com/security/cve/CVE-2023-2463"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2463",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2463"
},
{
"cve": "CVE-2023-2464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2464"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2464",
"url": "https://www.suse.com/security/cve/CVE-2023-2464"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2464",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2464"
},
{
"cve": "CVE-2023-2465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2465"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2465",
"url": "https://www.suse.com/security/cve/CVE-2023-2465"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2465",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2465"
},
{
"cve": "CVE-2023-2466",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2466"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2466",
"url": "https://www.suse.com/security/cve/CVE-2023-2466"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2466",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2466"
},
{
"cve": "CVE-2023-2467",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2467"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2467",
"url": "https://www.suse.com/security/cve/CVE-2023-2467"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2467",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2467"
},
{
"cve": "CVE-2023-2468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2468"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2468",
"url": "https://www.suse.com/security/cve/CVE-2023-2468"
},
{
"category": "external",
"summary": "SUSE Bug 1211036 for CVE-2023-2468",
"url": "https://bugzilla.suse.com/1211036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-113.0.5672.92-1.1.x86_64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.aarch64",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.s390x",
"openSUSE Tumbleweed:chromium-113.0.5672.92-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-2468"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…