ALT-PU-2023-1245-1
Package chromium-gost updated to version 110.0.5481.77-alt1 for branch sisyphus in task 315244.
Closed vulnerabilities
BDU:2022-06706
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-06759
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-06760
Уязвимость механизма Web Workers браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-06761
Уязвимость компонента WebCodecs браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-06762
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-06763
Уязвимость компонента Crashpad браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-06993
Уязвимость графического процессора браузера Google Chrome, позволяющая нарушителю выйти из изолированной программной среды
BDU:2022-07073
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-07153
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-07230
Уязвимость набора инструментов для веб-разработки DevTools браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации
BDU:2022-07256
Уязвимость компонента Blink Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-07258
Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-07315
Уязвимость компонента Blink Frames браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-07321
Уязвимость компонента Profiles браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2022-07460
Уязвимость функции Navigation браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю проводить спуфинг-атаки
BDU:2022-07498
Уязвимость реализации механизма CORS браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-00071
Уязвимость функции Overview Mode браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00166
Уязвимость сетевой службы браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
BDU:2023-00357
Уязвимость компонента Accessibility браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать повреждение стека
BDU:2023-00392
Уязвимость компонента WebTransport браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00394
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00400
Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код с помощью специально созданного расширения в Chrome
BDU:2023-00533
Уязвимость реализации всплывающих окон с запросом на разрешение браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00534
Уязвимость реализации прикладного программного интерфейса File System браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-00537
Уязвимость механизма «Downloads» («Загрузки») браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности
BDU:2023-00648
Уязвимость компонента Core веб-браузера Google Chrome, позволяющая нарушителю повысить свои привилегии
BDU:2023-00649
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00650
Уязвимость компонента Data Transfer веб-браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00651
Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2023-00652
Уязвимость пользовательского интерфейса WebUI браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00653
Уязвимость загрузчика веб-браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2023-00654
Уязвимость графического процессора GPU браузеров Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-00754
Уязвимость обработчика JavaScript-сценариев V8 веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2023-00929
Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2023-00930
Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю изменить содержимое пользовательского интерфейса
Modified: 2024-11-21
CVE-2022-3885
Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-3886
Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-3887
Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-3888
Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-3889
Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-3890
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-03-12
CVE-2022-4135
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4174
Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4175
Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4176
Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4177
Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4178
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4179
Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4180
Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4181
Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4182
Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4183
Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4184
Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4185
Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4186
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4187
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4188
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4189
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4190
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4191
Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4192
Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4193
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4194
Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2022-4195
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
Modified: 2025-02-19
CVE-2022-4262
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4436
Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4437
Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4438
Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2022-4440
Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0128
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0129
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
Modified: 2025-03-21
CVE-2023-0130
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0131
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0132
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0133
Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0134
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0135
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0136
Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0137
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0138
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0139
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0140
Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-03-21
CVE-2023-0141
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0471
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0472
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0473
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0474
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0696
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0697
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)
Modified: 2024-11-21
CVE-2023-0698
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
- https://crbug.com/1403573
- https://crbug.com/1403573
- GLSA-202309-17
- GLSA-202309-17
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693
Modified: 2024-11-21
CVE-2023-0699
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0700
Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0701
Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0702
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2024-11-21
CVE-2023-0703
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
Modified: 2025-03-21
CVE-2023-0704
Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)
Modified: 2024-11-21
CVE-2023-0705
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Closed bugs
Не использует прокси-сервер, указанный в переменных окружения
Поиск через yandex по умолчанию