Sicherheit: Mehrere Probleme in Chromium

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8704971364460537323==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------AYofbU8g60duLf92HvEv8GlC"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------AYofbU8g60duLf92HvEv8GlC
Content-Type: multipart/mixed;
boundary="------------v3LfC6hmJ0dSxn6I2ETn7Add";
protected-headers="v1"
From: Fabian Toepfer <fabian.toepfer@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <e1a36be0-aaca-4b7b-92f9-478f82438e01@canonical.com>
Subject: [USN-5881-1] Chromium vulnerabilities

--------------v3LfC6hmJ0dSxn6I2ETn7Add
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-5881-1
February 21, 2023

chromium-browser vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Chromium.

Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome

Details:

It was discovered that Chromium did not properly manage memory. A remote
attacker could possibly use these issues to cause a denial of service or
execute arbitrary code via a crafted HTML page. (CVE-2023-0471,
CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699,
CVE-2023-0702, CVE-2023-0705)

It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to install a malicious extension could
possibly use this issue to corrupt memory via a Chrome web app.
(CVE-2023-0474)

It was discovered that Chromium contained an inappropriate implementation
in the Download component. A remote attacker could possibly use this issue
to spoof contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-0700)

It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to engage in specific UI interactions could
possibly use these issues to cause a denial of service or execute
arbitrary code. (CVE-2023-0701, CVE-2023-0703)

It was discovered that Chromium insufficiently enforced policies. A remote
attacker could possibly use this issue to bypass same origin policy and
proxy settings via a crafted HTML page. (CVE-2023-0704)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
chromium-browser 110.0.5481.100-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-5881-1
CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474,
CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700,
CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704,
CVE-2023-0705

Package Information:
https://launchpad.net/ubuntu/+source/chromium-browser/110.0.5481.100-0ubuntu0.18.04.1
--------------v3LfC6hmJ0dSxn6I2ETn7Add--

--------------AYofbU8g60duLf92HvEv8GlC
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE2WgtvmwmcgaEBLlnCAvK1QvD6SAFAmP1G5MFAwAAAAAACgkQCAvK1QvD6SCQ
7w//en4KISDDUT0BlQhZPWL48f6GGhz/PN5XUnXKz7Nsr73Bd6pAgntBqaweHM+K68VGDvAH8vgC
tpLGwBG9i6IlcoPh+jAboTNMyYc2rDQCOLBu33wAGToccBSsxpdy3sHc/s+CWKosvGTOd9DX0dbk
0roGpVG7aPatq9eMMCDwDTKBtnua1JuA6zvIytpueUDbVJ44F5Qe6UvaKwm2TWL4Pr2NG4WBuvum
Vj2MSFz+8nV+I0epxqOXoaf3kx+WpocZ9lmAAHX6nV6QTb7d+46cz9zM5rSEUN91xKgg5AfcLVK6
4QRtVeSyonyyxHS0XXmRITeZ9zEAwUnYmDB0rXDzaxUwfsjsrAgqnd9KXIeAiEaF6g5Xn9TSxchn
neoIoFLxxDfQidpVD0rR4bYVZDr3xiUmTm9yhE6y3lnjRKLiUBPwp+PUktfpAGpN9q608t3X97Ec
dDmNppVhuuiKAxI3mw734KgF7PKOZIBoioHjkjav4A6pkZN9TrV0ZnkIjoyOXKwGBINTSUAh3p90
1t6PbhfpGOcpxM3FH/RTlycXUJ9jKnVwB6Bs4UFcgPAutrM+dDz5aSqp1/i+W4pRDrKNnl1VRCGe
SYCRV4UE8OMEKiuDUQ6b4AqnnqsVrBaUfxSdHqph0knBdlp2B3bRokTz0/am1njqrSIyvz7Lz8tX
Rdc=
=Nt2E
-----END PGP SIGNATURE-----

--------------AYofbU8g60duLf92HvEv8GlC--

--===============8704971364460537323==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============8704971364460537323==--