Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 18.04 LTS USN-5881-1 Critical: Chromium Remote Code Execution

ubuntu
Calendar Grey February 21, 2023
Dist Ubuntu Esm H88
Ubuntu 18.04 LTS resolves multiple security flaws in Chromium associated with inadequate memory management, enhancing overall system stability.
Several security issues were fixed in Chromium.

Summary

Several security issues were fixed in Chromium.

Software Description:

- chromium-browser: Chromium web browser, open-source version of Chrome

Details:

It was discovered that Chromium did not properly manage memory. A remote

attacker could possibly use these issues to cause a denial of service or

execute arbitrary code via a crafted HTML page. (CVE-2023-0471,

CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699,

CVE-2023-0702, CVE-2023-0705)

It was discovered that Chromium did not properly manage memory. A remote

attacker who convinced a user to install a malicious extension could

possibly use this issue to corrupt memory via a Chrome web app.

(CVE-2023-0474)

It was discovered that Chromium contained an inappropriate implementation

in the Download component. A remote attacker could possibly use this issue

to spoof contents of the Omnibox (URL bar) via a crafted HTML page.

(CVE-2023-0700)

It was discovered that Chromium did not prope...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
   chromium-browser                110.0.5481.100-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References

  https://ubuntu.com/security/notices/USN-5881-1

  CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474,

  CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700,

  CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704,

  CVE-2023-0705

Severity
critical
Lowest
Low
Medium
High
Critical

February 21, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.