Errata ALT-PU-2024-4809-1: Information
Fixes
Published: Feb. 20, 2024
BDU:2024-01580
Уязвимость компонента Accessibility браузера Google Chrome и Microsoft Edge, позволяющая нарушителю скомпрометировать процесс рендеринга
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Links:
Published: Feb. 20, 2024
BDU:2024-01583
Уязвимость компонента Download браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: MEDIUM (5.4) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Links:
Published: Feb. 20, 2024
BDU:2024-01584
Уязвимость механизма CSP (Content Security Policy) браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Links:
Published: Feb. 20, 2024
BDU:2024-01585
Уязвимость функции Navigation браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности с помощью специально созданной HTML страницы
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Links:
Published: Jan. 26, 2024
BDU:2024-01598
Уязвимость модуля отображения Blink браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2024
BDU:2024-01600
Уязвимость функции Navigation браузера Google Chrome и Microsoft Edge, позволяющая нарушителю раскрыть защищаемую информацию
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Links:
Published: Jan. 3, 2024
BDU:2024-01614
Уязвимость функции изоляции сайтов (Site Isolation) браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: HIGH (8.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Links:
Published: Dec. 6, 2023
BDU:2024-01615
Уязвимость IPC-библиотеки Mojo браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 27, 2024
BDU:2024-01685
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: CRITICAL (9.6) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: Feb. 27, 2024
BDU:2024-01686
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 20, 2024
BDU:2024-01998
Уязвимость компонента FedCM браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 19, 2024
BDU:2024-01999
Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 19, 2024
BDU:2024-02065
Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: March 12, 2024
BDU:2024-02213
Уязвимость компонента Performance Manager браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1669
Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/41495060
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1670
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/41481374
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1671
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/41487933
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1672
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/41485789
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1673
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/41490491
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1674
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/40095183
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1675
Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/41486208
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 21, 2024
Modified: Feb. 26, 2024
Modified: Feb. 26, 2024
CVE-2024-1676
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
- https://issues.chromium.org/issues/40944847
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/
Published: Feb. 29, 2024
Modified: March 8, 2024
Modified: March 8, 2024
CVE-2024-1938
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
- https://issues.chromium.org/issues/324596281
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/
Published: Feb. 29, 2024
Modified: March 8, 2024
Modified: March 8, 2024
CVE-2024-1939
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
- https://issues.chromium.org/issues/323694592
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/
Published: March 6, 2024
Modified: March 23, 2024
Modified: March 23, 2024
CVE-2024-2173
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Links:
Published: March 6, 2024
Modified: March 23, 2024
Modified: March 23, 2024
CVE-2024-2174
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Links:
Published: March 6, 2024
Modified: March 23, 2024
Modified: March 23, 2024
CVE-2024-2176
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Links:
Published: March 13, 2024
Modified: March 16, 2024
Modified: March 16, 2024
CVE-2024-2400
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html
- https://issues.chromium.org/issues/327696052
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2625
Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/327740539
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2626
Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/40945098
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2627
Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/41493290
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2628
Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/41487774
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2629
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/41487721
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2630
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/41481877
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 20, 2024
Modified: April 1, 2024
Modified: April 1, 2024
CVE-2024-2631
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html
- https://issues.chromium.org/issues/41495878
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/
Published: March 27, 2024
Modified: March 29, 2024
Modified: March 29, 2024
CVE-2024-2883
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://issues.chromium.org/issues/327807820
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/
Published: March 27, 2024
Modified: March 29, 2024
Modified: March 29, 2024
CVE-2024-2885
Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://issues.chromium.org/issues/328958020
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/
Published: March 27, 2024
Modified: March 29, 2024
Modified: March 29, 2024
CVE-2024-2886
Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://issues.chromium.org/issues/330575496
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/
Published: March 27, 2024
Modified: March 29, 2024
Modified: March 29, 2024
CVE-2024-2887
Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Links:
- https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
- https://issues.chromium.org/issues/330588502
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G3RKI7VTQSIAI3PVZGRCHOSELTQXQ5FQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUWGSMA5X2NQP5XEFCLRWNX6246GZ2C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IQMRHKDEG4J7TMRRRGUGW6GS4MVBX5IT/