diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,82 @@ + + chromium -- multiple vulnerabilities + + + chromium + 111.0.5563.64 + + + ungoogled-chromium + 111.0.5563.64 + + + + +

Chrome Releases reports:

+
+

This update includes 40 security fixes:

+
    +
  • [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
    • +
  • [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
    • +
  • [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
    • +
  • [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
    • +
  • [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
    • +
  • [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
    • +
  • [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
    • +
  • [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
    • +
  • [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
    • +
  • [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
    • +
  • [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
    • +
  • [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
    • +
  • [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
    • +
  • [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
    • +
  • [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
    • +
  • [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
    • +
  • [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
    • +
  • [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
    • +
  • [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
    • +
  • [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
    • +
  • [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
    • +
  • [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
    • +
  • [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
    • +
  • [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14
    • +
+
+ + + + CVE-2023-1213 + CVE-2023-1214 + CVE-2023-1215 + CVE-2023-1216 + CVE-2023-1217 + CVE-2023-1218 + CVE-2023-1219 + CVE-2023-1220 + CVE-2023-1221 + CVE-2023-1222 + CVE-2023-1223 + CVE-2023-1224 + CVE-2023-1225 + CVE-2023-1226 + CVE-2023-1227 + CVE-2023-1228 + CVE-2023-1229 + CVE-2023-1230 + CVE-2023-1231 + CVE-2023-1232 + CVE-2023-1233 + CVE-2023-1234 + CVE-2023-1235 + CVE-2023-1236 + https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html + + + 2023-03-08 + 2023-03-09 + + + jenkins -- multiple vulnerabilities