Severe Chromium DoS, Info Disclosure Vulns Fixed
A severe, remotely exploitable Type Confusion vulnerability has been found in Chromium (CVE-2023-5346). Due to its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 8.8 out of 10 (“High” severity).
Several other important security vulnerabilities have also recently been found in Chromium, including inappropriate implementation in Custom Tabs, Prompts, Input, Custom Mobile Tabs, Autofill, Intents, Picture in Picture, and Interstitials, and insufficient policy enforcement in Downloads.
These issues could result in the execution of arbitrary code, denial of service, or information disclosure.
Essential Chromium security updates have been released to fix these bugs. Because these flaws threaten the confidentiality, integrity, and availability of impacted systems, we urge all affected users to immediately apply the updates released by Debian, Fedora, Gentoo, Mageia, and openSUSE to protect their critical systems and sensitive data against attacks leading to downtime and compromise.