VuXML: chromium -- multiple vulnerabilities

VuXML ID	5666688f-803b-4cf0-9cb1-08c088f2225a
Discovery	2023-08-15
Entry	2023-08-17

Chrome Releases reports:

This update includes 26 security fixes:

[1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24

[1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27

[1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14

[1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18

[1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07

[1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27

[1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12

[1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31

[1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30

[1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28

[1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20

[1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09

[1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07

[1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17

[1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14

[1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23

[1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13

[1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06

[1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02

[1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26

[1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26

[source]

CVE Name	CVE-2023-2312
CVE Name	CVE-2023-4349
CVE Name	CVE-2023-4350
CVE Name	CVE-2023-4351
CVE Name	CVE-2023-4352
CVE Name	CVE-2023-4353
CVE Name	CVE-2023-4354
CVE Name	CVE-2023-4355
CVE Name	CVE-2023-4356
CVE Name	CVE-2023-4357
CVE Name	CVE-2023-4358
CVE Name	CVE-2023-4359
CVE Name	CVE-2023-4360
CVE Name	CVE-2023-4361
CVE Name	CVE-2023-4362
CVE Name	CVE-2023-4363
CVE Name	CVE-2023-4364
CVE Name	CVE-2023-4365
CVE Name	CVE-2023-4366
CVE Name	CVE-2023-4367
CVE Name	CVE-2023-4368
URL	https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

chromium -- multiple vulnerabilities

Details

References