FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chromium -- multiple vulnerabilities

Affected packages
	chromium	<	117.0.5938.132
	ungoogled-chromium	<	117.0.5938.132
	qt6-webengine	<	6.6.1

Details

VuXML ID	6d9c6aae-5eb1-11ee-8290-a8a1599412c6
Discovery	2023-09-27
Entry	2023-09-29

Chrome Releases reports:

This update includes 10 security fixes:

[1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25

[1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05

[1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

[source]

References

CVE Name	CVE-2023-5186
CVE Name	CVE-2023-5187
CVE Name	CVE-2023-5217
URL	https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html