This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8704971364460537323== Content-Language: en-US Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------AYofbU8g60duLf92HvEv8GlC"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------AYofbU8g60duLf92HvEv8GlC Content-Type: multipart/mixed; boundary="------------v3LfC6hmJ0dSxn6I2ETn7Add"; protected-headers="v1" From: Fabian Toepfer <fabian.toepfer@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <e1a36be0-aaca-4b7b-92f9-478f82438e01@canonical.com> Subject: [USN-5881-1] Chromium vulnerabilities
--------------v3LfC6hmJ0dSxn6I2ETn7Add Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64
========================================================================== Ubuntu Security Notice USN-5881-1 February 21, 2023
chromium-browser vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Chromium.
Software Description: - chromium-browser: Chromium web browser, open-source version of Chrome
Details:
It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. (CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0702, CVE-2023-0705)
It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app. (CVE-2023-0474)
It was discovered that Chromium contained an inappropriate implementation in the Download component. A remote attacker could possibly use this issue to spoof contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2023-0700)
It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to engage in specific UI interactions could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2023-0701, CVE-2023-0703)
It was discovered that Chromium insufficiently enforced policies. A remote attacker could possibly use this issue to bypass same origin policy and proxy settings via a crafted HTML page. (CVE-2023-0704)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: chromium-browser 110.0.5481.100-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5881-1 CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704, CVE-2023-0705
Package Information: https://launchpad.net/ubuntu/+source/chromium-browser/110.0.5481.100-0ubuntu0.18.04.1 --------------v3LfC6hmJ0dSxn6I2ETn7Add--
--------------AYofbU8g60duLf92HvEv8GlC Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEE2WgtvmwmcgaEBLlnCAvK1QvD6SAFAmP1G5MFAwAAAAAACgkQCAvK1QvD6SCQ 7w//en4KISDDUT0BlQhZPWL48f6GGhz/PN5XUnXKz7Nsr73Bd6pAgntBqaweHM+K68VGDvAH8vgC tpLGwBG9i6IlcoPh+jAboTNMyYc2rDQCOLBu33wAGToccBSsxpdy3sHc/s+CWKosvGTOd9DX0dbk 0roGpVG7aPatq9eMMCDwDTKBtnua1JuA6zvIytpueUDbVJ44F5Qe6UvaKwm2TWL4Pr2NG4WBuvum Vj2MSFz+8nV+I0epxqOXoaf3kx+WpocZ9lmAAHX6nV6QTb7d+46cz9zM5rSEUN91xKgg5AfcLVK6 4QRtVeSyonyyxHS0XXmRITeZ9zEAwUnYmDB0rXDzaxUwfsjsrAgqnd9KXIeAiEaF6g5Xn9TSxchn neoIoFLxxDfQidpVD0rR4bYVZDr3xiUmTm9yhE6y3lnjRKLiUBPwp+PUktfpAGpN9q608t3X97Ec dDmNppVhuuiKAxI3mw734KgF7PKOZIBoioHjkjav4A6pkZN9TrV0ZnkIjoyOXKwGBINTSUAh3p90 1t6PbhfpGOcpxM3FH/RTlycXUJ9jKnVwB6Bs4UFcgPAutrM+dDz5aSqp1/i+W4pRDrKNnl1VRCGe SYCRV4UE8OMEKiuDUQ6b4AqnnqsVrBaUfxSdHqph0knBdlp2B3bRokTz0/am1njqrSIyvz7Lz8tX Rdc= =Nt2E -----END PGP SIGNATURE-----
--------------AYofbU8g60duLf92HvEv8GlC--
--===============8704971364460537323== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
Cg==
--===============8704971364460537323==--
|