All errata/sisyphus/ALT-PU-2023-1764-2
ALT-PU-2023-1764-2

Package update chromium in branch sisyphus

Version113.0.5672.63-alt1
Task#320085
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (22)

BDU:2023-02350
MEDIUM6.5

Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю скрыть содержимое адресной строки Omnibox

Published: 2023-05-04Modified: 2023-09-13
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
References
BDU:2023-02367
MEDIUM6.5

Уязвимость реализации механизма CORS (Cross-Origin Resource Sharing) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2023-05-04Modified: 2023-09-13
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
BDU:2023-02380
HIGH7.1

Уязвимость расширений браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

Published: 2023-05-04Modified: 2023-09-13
CVSS 3.xHIGH 7.1
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:P
References
BDU:2023-02383
MEDIUM4.3

Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Published: 2023-05-10Modified: 2023-12-26
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
References
BDU:2023-02384
MEDIUM4.3

Уязвимость компонента Prompts браузера Google Chrome операционных систем Android, позволяющая нарушителю обойти ограничения безопасности

Published: 2023-05-10Modified: 2023-09-13
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P
References
BDU:2023-02385
MEDIUM4.3

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Published: 2023-05-10Modified: 2023-12-26
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
References
BDU:2023-02386
MEDIUM6.3

Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Published: 2023-05-10Modified: 2023-12-26
CVSS 3.xMEDIUM 6.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
References
BDU:2023-02387
MEDIUM4.3

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Published: 2023-05-10Modified: 2023-12-26
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
References
BDU:2023-02388
HIGH8.8

Уязвимость расширения Google Input Tools Chrome OS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2023-05-10Modified: 2023-09-13
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2023-02389
MEDIUM6.5

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Published: 2023-05-10Modified: 2023-12-26
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N
References
BDU:2024-07572
MEDIUM4.3

Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Published: 2024-09-30
CVSS 3.xMEDIUM 4.3
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N
References
CVE-2023-2459
MEDIUM6.5

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References
CVE-2023-2460
HIGH7.1

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
References
CVE-2023-2461
HIGH8.8

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
CVE-2023-2462
MEDIUM4.3

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2023-2463
MEDIUM4.3

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2023-2464
MEDIUM4.3

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2023-2465
MEDIUM4.3

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References
CVE-2023-2466
MEDIUM4.3

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2023-2467
MEDIUM4.3

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2023-2468
MEDIUM4.3

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Published: 2023-05-03Modified: 2024-11-21
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References
CVE-2023-7282
MEDIUM4.3

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Published: 2024-09-23Modified: 2025-01-02
CVSS 3.xMEDIUM 4.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References