
Several high-impact, remotely exploitable vulnerabilities were recently discovered in Chromium, the popular free and open-source web browser. These flaws could lead to the execution of arbitrary code, Denial of Service (DoS) attacks resulting in potentially exploitable crashes, or the disclosure of sensitive information.

Luckily, Chromium security updates that fix these bugs are now available. This article covers the vulnerabilities recently identified in Chromium and how users can update their systems to protect against these risks.

The Discovery & The Impact

The most severe vulnerabilities recently discovered and patched in Chromium include:

  • CVE-2023-1810: Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  • CVE-2023-1811: Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
  • CVE-2023-1812: Out-of-bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out-of-bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1813: Inappropriate implementation of Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1815: Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1816: Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1817: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1818: Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1819: Out-of-bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-1820: Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
  • CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Many of these vulnerabilities have been rated by the National Vulnerability Database as having a critical or high severity. They have a high impact on confidentiality, integrity, and availability.

How Can I Secure My System Against These Critical Bugs?

Chromium has released an important security update mitigating these vulnerabilities. We strongly recommend that all impacted users apply the Chromium updates issued by their distro(s) as soon as possible to protect against exploitation leading to downtime, system compromise, and sensitive data loss.
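As an added example (not part of the original article or of any Chromium tooling), the following POSIX shell functions check a Chromium version string against the two fixed-in versions listed above and report which of the article's CVEs are still open. The function names and the sample version strings are constructed for illustration; the `chromium` binary name is an assumption and varies by distro.

```sh
#!/bin/sh
# Added example (not from the article): report which CVEs listed above a given
# Chromium version still lacks fixes for. Fixed-in versions are the article's.
FIX_BATCH="112.0.5615.49"    # CVE-2023-1810 through CVE-2023-1820
FIX_V8="112.0.5615.121"      # CVE-2023-2033 (V8 type confusion)

# Pull the first four-part version out of text such as `chromium --version` output.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: succeed when A < B, comparing each field as a number.
# A string compare would wrongly rank .121 below .49.
version_lt() {
    a=$1; b=$2
    for i in 1 2 3 4; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        a=${a#*.}; b=${b#*.}
    done
    return 1    # equal versions are not "less than"
}

# unpatched_cves TEXT: print the still-open CVEs, "none", or "unknown".
unpatched_cves() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 2; fi
    out=""
    version_lt "$v" "$FIX_BATCH" && out="CVE-2023-1810..CVE-2023-1820"
    version_lt "$v" "$FIX_V8" && out="${out:+$out }CVE-2023-2033"
    echo "${out:-none}"
}

# Constructed sample input; on a real host pass "$(chromium --version)"
# (binary name is an assumption, some distros ship chromium-browser).
unpatched_cves "Chromium 112.0.5615.49 built on Debian 11.6"
```

A browser at 112.0.5615.49 has the first batch of fixes but is still exposed to CVE-2023-2033, which is only fixed in 112.0.5615.121.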

To see if your distro has issued an advisory for these Chromium vulnerabilities and to stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant security threats impacting your systems. We also encourage you to follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).

Linux security expert and LinuxSecurity.com Founder Dave Wreski concludes, “It is crucial that all admins and organizations track security advisories diligently and apply patches as soon as they are released in order to stay ahead of attackers looking to exploit vulnerabilities to gain access to critical systems and confidential information.”