SB2023091903 - Debian update for chromium

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091903

SB2023091903 - Debian update for chromium

Published: September 19, 2023

Security Bulletin ID SB2023091903
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 50% Medium 10% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Improperly implemented security check for standard (CVE-ID: CVE-2023-4900)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Custom Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


2) Improperly implemented security check for standard (CVE-ID: CVE-2023-4901)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


3) Improperly implemented security check for standard (CVE-ID: CVE-2023-4902)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Input in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


4) Improperly implemented security check for standard (CVE-ID: CVE-2023-4903)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Custom Mobile Tabs in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4904)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Downloads in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


6) Improperly implemented security check for standard (CVE-ID: CVE-2023-4905)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Prompts in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4906)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in Autofill in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and gain access to sensitive information.


8) Improperly implemented security check for standard (CVE-ID: CVE-2023-4907)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Intents in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


9) Improperly implemented security check for standard (CVE-ID: CVE-2023-4908)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Picture in Picture in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


10) Improperly implemented security check for standard (CVE-ID: CVE-2023-4909)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect implementation in Interstitials in Google Chrome. A remote attacker can create a specially crafted web page, trick the victim into visiting it and gain access to sensitive information.


Remediation

Install update from vendor's website.

References