Discover LinuxSecurity Features
Remotely Exploitable Chromium DoS, Info Disclosure Vulns Fixed

Several high-impact remotely exploitable vulnerabilities were recently discovered in the popular Chromium free and open-source web browser. These issues could lead to the execution of arbitrary code, denial of service (DoS) attacks resulting in potentially exploitable crashes, or the disclosure of sensitive information.
Luckily, an important Chromium security update that fixes these bugs is now available. This article will cover these dangerous vulnerabilities recently identified in Chromium, who is impacted, and how users can update their systems to protect against these flaws.
The Discovery & The Impact
The most severe vulnerabilities recently discovered and patched in Chromium include:
- CVE-2023-1810: Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-1811: Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-1812: Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1813: Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1815: Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1816: Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1817: Insufficient policy enforcement in Intents in Google Chrome on Android prior to 1
12.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1818: Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1819: Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-1820: Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Many of the vulnerabilities have been rated by the National Vulnerability Database as having a critical or high severity, and have a high confidentiality, integrity and availability impact.
How To Secure Your System Against These Critical Bugs
Chromium has released an important security update mitigating these issues. We strongly recommend that all impacted users apply the Chromium updates issued by their distro(s) as soon as possible to protect against exploits leading to downtime and the compromise of their systems and sensitive data.
To see if your distro has issued an advisory for these Chromium vulnerabilities and to stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems. We also encourage you to follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s). Linux security expert and LinuxSecurity.com Founder Dave Wreski concludes, “It is crucial that all admins and organizations track security advisories diligently and apply patches as soon as they are released in order to stay ahead of attackers looking to exploit vulnerabilities to gain access to critical systems and confidential information.”