USN-6021-1: Chromium vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6021-1
April 14, 2023
chromium-browser vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Chromium.
Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome
Details:
It was discovered that Chromium did not properly manage memory in several
components. A remote attacker could possibly use this issue to corrupt
memory via a crafted HTML page, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2023-1528, CVE-2023-1530,
CVE-2023-1531, CVE-2023-1533, CVE-2023-1811, CVE-2023-1815, CVE-2023-1818)
It was discovered that Chromium could be made to access memory out of
bounds in WebHID. A remote attacker could possibly use this issue to
corrupt memory via a malicious HID device, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1529)
It was discovered that Chromium could be made to access memory out of
bounds in several components. A remote attacker could possibly use this
issue to corrupt memory via a crafted HTML page, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2023-1532,
CVE-2023-1534, CVE-2023-1810, CVE-2023-1812, CVE-2023-1819, CVE-2023-1820)
It was discovered that Chromium contained an inappropriate implementation
in the Extensions component. A remote attacker who convinced a user to
install a malicious extension could possibly use this issue to bypass file
access restrictions via a crafted HTML page. (CVE-2023-1813)
It was discovered that Chromium did not properly validate untrusted input
in the Safe Browsing component. A remote attacker could possibly use this
issue to bypass download checking via a crafted HTML page. (CVE-2023-1814)
It was discovered that Chromium contained an inappropriate implementation
in the Picture In Picture component. A remote attacker could possibly use
this issue to perform navigation spoofing via a crafted HTML page.
(CVE-2023-1816)
It was discovered that Chromium contained an inappropriate implementation
in the WebShare component. A remote attacker could possibly use this issue
to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-1821)
It was discovered that Chromium contained an inappropriate implementation
in the Navigation component. A remote attacker could possibly use this
issue to perform domain spoofing via a crafted HTML page. (CVE-2023-1822)
It was discovered that Chromium contained an inappropriate implementation
in the FedCM component. A remote attacker could possibly use this issue to
bypass navigation restrictions via a crafted HTML page. (CVE-2023-1823)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
chromium-browser 112.0.5615.49-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-6021-1
CVE-2023-1528, CVE-2023-1529, CVE-2023-1530, CVE-2023-1531,
CVE-2023-1532, CVE-2023-1533, CVE-2023-1534, CVE-2023-1810,
CVE-2023-1811, CVE-2023-1812, CVE-2023-1813, CVE-2023-1814,
CVE-2023-1815, CVE-2023-1816, CVE-2023-1818, CVE-2023-1819,
CVE-2023-1820, CVE-2023-1821, CVE-2023-1822, CVE-2023-1823
Package Information:
https://launchpad.net/ubuntu/+source/chromium-browser/112.0.5615.49-0ubuntu0.18.04.1
A Chromium security update has been released for Ubuntu Linux 18.04 LTS.