----------------------------------------------------------------------------------
@MSGID:
<5730c95a-bc6e-d80b-5c01-473eb876ad5f@canonical.com> b4eda21f
@REPLYADDR Fabian Toepfer
<fabian.toepfer@canonical.com>
@REPLYTO 2:5075/128 Fabian Toepfer
@CHRS: CP866 2
@RFC: 1 0
@RFC-Message-ID:
<5730c95a-bc6e-d80b-5c01-473eb876ad5f@canonical.com>
@RFC-MIME-Version: 1.0
@RFC-Content-Type: multipart/mixed;
boundary="===============7857691357955259290=="
@RFC-Content-Transfer-Encoding: 8bit
@TZUTC: 0200
@TID: FIDOGATE-5.12-ge4e8b94
==========================================================================
Ubuntu Security Notice USN-6021-1
April 14, 2023
chromium-browser vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Chromium.
Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome
Details:
It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)
It was discovered that Chromium could be made to access memory out of
bounds in WebHID. A remote attacker could possibly use this issue to
corrupt memory via a malicious HID device, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1529)
It was discovered that Chromium could be made to access memory out of
bounds in several components. A remote attacker could possibly use this
issue to corrupt memory via a crafted HTML page, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1532,
CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)
It was discovered that Chromium contained an inappropriate implementation
in the Extensions component. A remote attacker who convinced a user to
install a malicious extension could possibly use this issue to bypass file
access restrictions via a crafted HTML page. (CVE-2023-1813)
It was discovered that Chromium did not properly validate untrusted input
in the Safe Browsing component. A remote attacker could possibly use this
issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)
It was discovered that Chromium contained an inappropriate implementation
in the Picture In Picture component. A remote attacker could possibly use
this issue to perform navigation spoofing via a crafted HTML page.
(CVE-2023-1816)
It was discovered that Chromium contained an inappropriate implementation
in the WebShare component. A remote attacker could possibly use this issue
to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-1821)
It was discovered that Chromium contained an inappropriate implementation
in the Navigation component. A remote attacker could possibly use this
issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)
It was discovered that Chromium contained an inappropriate implementation
in the FedCM component. A remote attacker could possibly use this issue to
bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
chromium-browser 112.0.5615.49-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-6021-1
CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531,
CVE-2023-1532, CVE-2023-1533, CVE-2023-1534, CVE-2023-1810,
CVE-2023-1811, CVE-2023-1812, CVE-2023-1813, CVE-2023-1814,
CVE-2023-1815, CVE-2023-1816, CVE-2023-1818, CVE-2023-1819,
CVE-2023-1820, CVE-2023-1821, CVE-2023-1822, CVE-2023-1823
Package Information:
https://launchpad.net/ubuntu/+source/chromium-browser/112.0.5615.49-0ubuntu0.18.
04.1
--- FIDOGATE 5.12-ge4e8b94
* Origin: Usenet Network (2:5075/128)
SEEN-BY: 221/6 301/1 467/888 5001/100 5005/49
5015/255 5019/40 5020/715 848
SEEN-BY: 5020/1042 4441 12000 5030/49 1081 5075/35
128
@PATH: 5075/128 5020/1042 4441