Remotely Exploitable Chromium Vulns Fixed
Three important vulnerabilities were discovered in Chromium: a type confusion in V8 (CVE-2023-3420) and use-after-free bugs in Media (CVE-2023-3421) and Guest View (CVE-2023-3422). With low attack complexity and high confidentiality, integrity and availability impact, these flaws have received a National Vulnerability Database severity rating of 8.8 out of 10 (“High” severity).
These bugs could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.
An update is available for Chromium that fixes these severe issues. We strongly recommend that all impacted users apply the Chromium updates issued by their distro(s) now to protect against attacks leading to potential system downtime and compromise.