Ubuntu alert USN-5881-1 (chromium-browser)
| From: | Fabian Toepfer <fabian.toepfer@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-5881-1] Chromium vulnerabilities | |
| Date: | Tue, 21 Feb 2023 20:29:23 +0100 | |
| Message-ID: | <e1a36be0-aaca-4b7b-92f9-478f82438e01@canonical.com> |
========================================================================== Ubuntu Security Notice USN-5881-1 February 21, 2023 chromium-browser vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Chromium. Software Description: - chromium-browser: Chromium web browser, open-source version of Chrome Details: It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. (CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0702, CVE-2023-0705) It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app. (CVE-2023-0474) It was discovered that Chromium contained an inappropriate implementation in the Download component. A remote attacker could possibly use this issue to spoof contents of the Omnibox (URL bar) via a crafted HTML page. (CVE-2023-0700) It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to engage in specific UI interactions could possibly use these issues to cause a denial of service or execute arbitrary code. (CVE-2023-0701, CVE-2023-0703) It was discovered that Chromium insufficiently enforced policies. A remote attacker could possibly use this issue to bypass same origin policy and proxy settings via a crafted HTML page. (CVE-2023-0704) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: chromium-browser 110.0.5481.100-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5881-1 CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700, CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704, CVE-2023-0705 Package Information: https://launchpad.net/ubuntu/+source/chromium-browser/110...