ALT-PU-2023-5701-4

Package chromium updated to version 117.0.5938.62-alt1 for branch sisyphus in task 329770.

Уязвимость компонента Fonts браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4431

Уязвимость режима рендеринга Vulkan браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4430

Уязвимость загрузчика браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4429

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4428

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4427

Уязвимость компонента MediaStream браузеров Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4572

Уязвимость компонента BFCache браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4764

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4762

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4761

Уязвимость компонента Networks браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4763

Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4863

Уязвимость пользовательских вкладок браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4900

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4901

Уязвимость компонента Input браузера Google Chrome, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4902

Уязвимость пользовательских вкладок браузера Google Chrome, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4903

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4905

Уязвимость компонента Downloads браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4904

Уязвимость функции автозаполнения Autofill браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4906

Уязвимость компонента Intents браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4907

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4908

Уязвимость компонента Interstitials браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4909

Уязвимость библиотеки SwiftShader браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2024-3176

Уязвимость компонента Permission Prompt Handler браузера Google Chrome, позволяющая нарушителю установить вредоносное приложение и потенциально выполнить выход из изолированной программной среды

Severity: HIGH (7.5)Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2023-7012

Уязвимость компонента WebRTC браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-7010

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)

Severity: CRITICAL (9.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Bundled libwebp in imagecodecs vulnerable

References:

opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

libwebp: OOB write in BuildHuffmanTable

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

Vulnerable version of libwebp and can be exploited with a malicious source image

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

ALT-PU-2023-5701-4

Closed vulnerabilities