Debian: DSA-5487-1 High: Chromium Flaws Lead to Remote Code Execution
Sep 15, 2023
•
Brittany Day
1 - 2 min read
Topics Covered
Multiple severe, remotely exploitable security vulnerabilities have been found in Chromium, including out-of-bounds memory access in V8, CSS, and Fonts (CVE-2023-4427, CVE-2023-4428, and CVE-2023-4431), and use after frees in Loader and Vulkan (CVE-2023-4429 and CVE-2023-4430). Because of the serious threat these bugs pose to the confidentiality, integrity, and availability of impacted systems and their ease of exploitation, they have all received a National Vulnerability Database severity rating of “High”.
These issues could result in the execution of arbitrary code, denial of service, or information disclosure.
A Chromium security update that mitigates these dangerous flaws has been released. We strongly recommend that all impacted users apply the updates released by Debian, Fedora and openSUSE now to protect against attacks leading to loss of access to critical systems and the compromise of sensitive data.
To stay on top of essential updates released by the open-source programs and applications you use, register as a LinuxSecurity user, subscribe to our Linux Advisory Watch newsletter, and customize your advisories for your distro(s). This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.
Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!