FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3d5581ff-d388-11ed-8581-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 16 security fixes:

  • [1414018] High CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI on 2023-02-08
  • [1420510] High CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita on 2023-03-01
  • [1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu on 2023-02-22
  • [1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong on 2023-03-10
  • [1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2023-02-18
  • [1278708] Medium CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA on 2021-12-10
  • [1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK on 2023-02-08
  • [1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2023-02-22
  • [1223346] Medium CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), and Kirtikumar Anandrao Ramchandani on 2021-06-24
  • [1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team on 2023-01-12
  • [1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab on 2023-01-17
  • [1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong on 2023-02-07
  • [1066555] Low CVE-2023-1822: Incorrect security UI in Navigation. Reported by 강우진 on 2020-04-01
  • [1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia) on 2023-01-13

Discovery 2023-04-05
Entry 2023-04-05
chromium
< 112.0.5615.49

ungoogled-chromium
< 112.0.5615.49

CVE-2023-1810
CVE-2023-1811
CVE-2023-1812
CVE-2023-1813
CVE-2023-1814
CVE-2023-1815
CVE-2023-1816
CVE-2023-1817
CVE-2023-1818
CVE-2023-1819
CVE-2023-1820
CVE-2023-1821
CVE-2023-1822
CVE-2023-1823
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
88754d55-521a-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 16 security fixes:

  • [1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06
  • [1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06
  • [1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29
  • [1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14
  • [1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18
  • [1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09
  • [1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29
  • [1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30
  • [1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04
  • [1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06
  • [1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09

Discovery 2023-09-12
Entry 2023-09-13
chromium
< 117.0.5938.62

ungoogled-chromium
< 117.0.5938.62

CVE-2023-4863
CVE-2023-4900
CVE-2023-4901
CVE-2023-4902
CVE-2023-4903
CVE-2023-4904
CVE-2023-4905
CVE-2023-4906
CVE-2023-4907
CVE-2023-4908
CVE-2023-4909
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
ad05a737-14bd-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 4 security fixes:

  • [1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07
  • [1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22
  • [1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01

Discovery 2023-06-26
Entry 2023-06-27
chromium
< 114.0.5735.198

ungoogled-chromium
< 114.0.5735.198

CVE-2023-3420
CVE-2023-3421
CVE-2023-3422
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
07ee8c14-68f1-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 20 security fixes:

  • [1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27
  • [1062251] Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17
  • [1414936] Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11
  • [1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30
  • [1425355] Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17
  • [1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28
  • [1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20
  • [1483194] Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15
  • [1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09
  • [1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02
  • [1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12
  • [1472558] Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13
  • [1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29
  • [1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18

Discovery 2023-10-10
Entry 2023-10-11
chromium
< 118.0.5993.70

ungoogled-chromium
< 118.0.5993.70

qt6-webengine
< 6.6.1

CVE-2023-5218
CVE-2023-5487
CVE-2023-5484
CVE-2023-5475
CVE-2023-5483
CVE-2023-5481
CVE-2023-5476
CVE-2023-5474
CVE-2023-5479
CVE-2023-5485
CVE-2023-5478
CVE-2023-5477
CVE-2023-5486
CVE-2023-5473
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
90c48c04-d549-4fc0-a503-4775e32d438echromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 8 security fixes:

  • [1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
  • [1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30
  • [1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14
  • [1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-12
  • [1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05

Discovery 2023-04-20
Entry 2023-04-20
chromium
< 112.0.5615.165

ungoogled-chromium
< 112.0.5615.165

CVE-2023-2133
CVE-2023-2134
CVE-2023-2135
CVE-2023-2136
CVE-2023-2137
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
5fa332b9-4269-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 5 security fixes:

  • [1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02
  • [1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03
  • [1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06
  • [1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07
  • [1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01

Discovery 2023-08-22
Entry 2023-08-24
chromium
< 116.0.5845.110

ungoogled-chromium
< 116.0.5845.110

CVE-2023-4430
CVE-2023-4429
CVE-2023-4428
CVE-2023-4427
CVE-2023-4431
https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
6e4e8e87-9fb8-4e32-9f8e-9b4303f4bfd5chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 17 security fixes:

  • [1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20
  • [1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17
  • [1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07
  • [1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28
  • [1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12
  • [1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20
  • [1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12
  • [1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25
  • [1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29
  • [1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04
  • [1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04

Discovery 2023-08-02
Entry 2023-08-04
chromium
< 115.0.5790.170

ungoogled-chromium
< 115.0.5790.170

CVE-2023-4068
CVE-2023-4069
CVE-2023-4070
CVE-2023-4071
CVE-2023-4072
CVE-2023-4073
CVE-2023-4074
CVE-2023-4075
CVE-2023-4076
CVE-2023-4077
CVE-2023-4078
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
77fc311d-7e62-11ee-8290-a8a1599412c6chromium -- security update

Chrome Releases reports:

This update includes 1 security fix:

  • [1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30

Discovery 2023-11-07
Entry 2023-11-08
chromium
< 119.0.6045.123

ungoogled-chromium
< 119.0.6045.123

CVE-2023-5996
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html
12741b1f-04f9-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes:

  • [1450481] High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-06-01

Discovery 2023-06-05
Entry 2023-06-07
chromium
< 114.0.5735.106

ungoogled-chromium
< 114.0.5735.106

CVE-2023-3079
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
4d6b5ea9-bc64-4e77-a7ee-d62ba68a80ddchromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 10 security fixes:

  • [1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13
  • [1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10
  • [1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22
  • [1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09
  • [1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27
  • [1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17
  • [1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05
  • [1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN

Discovery 2023-02-22
Entry 2023-02-22
chromium
< 110.0.5481.177

ungoogled-chromium
< 110.0.5481.177

CVE-2023-0941
CVE-2023-0927
CVE-2023-0928
CVE-2023-0929
CVE-2023-0930
CVE-2023-0931
CVE-2023-0932
CVE-2023-0933
https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
a1e27775-7a61-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 15 security fixes:

  • [1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14
  • [1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13
  • [1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13
  • [1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22
  • [1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18
  • [1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10
  • [1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22
  • [1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ on 2023-10-01
  • [1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13
  • [1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17
  • [1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18
  • [1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24
  • [1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13

Discovery 2023-10-31
Entry 2023-11-03
chromium
< 119.0.6045.105

ungoogled-chromium
< 119.0.6045.105

qt6-webengine
< 6.6.1

CVE-2023-5480
CVE-2023-5482
CVE-2023-5849
CVE-2023-5850
CVE-2023-5851
CVE-2023-5852
CVE-2023-5853
CVE-2023-5854
CVE-2023-5855
CVE-2023-5856
CVE-2023-5857
CVE-2023-5858
CVE-2023-5859
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html
6d9c6aae-5eb1-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 10 security fixes:

  • [1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25
  • [1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05
  • [1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

Discovery 2023-09-27
Entry 2023-09-29
chromium
< 117.0.5938.132

ungoogled-chromium
< 117.0.5938.132

qt6-webengine
< 6.6.1

CVE-2023-5217
CVE-2023-5186
CVE-2023-5187
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
4e45c45b-629e-11ee-8290-a8a1599412c6chromium -- type confusion in v8

Chrome Releases reports:

This update includes 1 security fix:

  • [1485829] High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22

Discovery 2023-10-03
Entry 2023-10-04
chromium
< 117.0.5938.149

ungoogled-chromium
< 117.0.5938.149

CVE-2023-5346
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop.html
502c9f72-99b3-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 9 security fixes:

  • [1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2023-11-10
  • [1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14
  • [1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23
  • [1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28
  • [1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09
  • [1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21

Discovery 2023-12-12
Entry 2023-12-13
chromium
< 120.0.6099.109

ungoogled-chromium
< 120.0.6099.109

CVE-2023-6702
CVE-2023-6703
CVE-2023-6704
CVE-2023-6705
CVE-2023-6706
CVE-2023-6707
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
ec8e4040-afcd-11ee-86bb-a8a1599412c6chromium -- security fix

Chrome Releases reports:

This update includes 1 security fix:

  • [1513379] High CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC on 2023-12-20

Discovery 2024-01-09
Entry 2024-01-10
chromium
< 120.0.6099.216

ungoogled-chromium
< 120.0.6099.216

CVE-2024-0333
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html
bea52545-f4a7-11ed-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 12 security fixes:

  • [1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360 on 2023-05-10
  • [1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14
  • [1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21
  • [1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14
  • [1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04
  • [1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03

Discovery 2023-05-16
Entry 2023-05-17
chromium
< 113.0.5672.126

ungoogled-chromium
< 113.0.5672.126

CVE-2023-2721
CVE-2023-2722
CVE-2023-2723
CVE-2023-2724
CVE-2023-2725
CVE-2023-2726
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
1567be8c-0a15-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 5 security fixes:

  • [1450568] Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01
  • [1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17
  • [1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 from Topsec ChiXiao Lab on 2023-05-31
  • [1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01

Discovery 2023-06-13
Entry 2023-06-13
chromium
< 114.0.5735.133

ungoogled-chromium
< 114.0.5735.133

CVE-2023-3214
CVE-2023-3215
CVE-2023-3216
CVE-2023-3217
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html
df0a2fd1-4c92-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 4 security fixes:

  • [1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28
  • [1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16
  • [1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03
  • [1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20

Discovery 2023-09-05
Entry 2023-09-06
chromium
< 116.0.5845.179

ungoogled-chromium
< 116.0.5845.179

CVE-2023-4761
CVE-2023-4762
CVE-2023-4763
CVE-2023-4764
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
8cdd38c7-8ebb-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 7 security fixes:

  • [1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10
  • [1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2023-10-21
  • [1500856] High CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09
  • [1501766] High CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University on 2023-11-13
  • [1501770] High CVE-2023-6351: Use after free in libavif. Reported by Fudan University on 2023-11-13
  • [1505053] High CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group on 2023-11-24

Discovery 2023-11-28
Entry 2023-11-29
chromium
< 119.0.6045.199

ungoogled-chromium
< 119.0.6045.199

qt5-webengine
< 5.15.16.p5_2

qt6-webengine
< 6.6.1_1

CVE-2023-6348
CVE-2023-6347
CVE-2023-6346
CVE-2023-6350
CVE-2023-6351
CVE-2023-6345
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
1b2a8e8a-9fd5-11ee-86bb-a8a1599412c6chromium -- security fix

Chrome Releases reports:

This update includes 1 security fix:

  • [1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2023-12-19

Discovery 2023-12-20
Entry 2023-12-21
chromium
< 120.0.6099.129

ungoogled-chromium
< 120.0.6099.129

CVE-2023-7024
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
d357f6bb-0af4-4ac9-b096-eeec183ad829chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 40 security fixes:

  • [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
  • [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
  • [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
  • [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
  • [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
  • [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
  • [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
  • [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
  • [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
  • [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
  • [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
  • [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
  • [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
  • [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
  • [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
  • [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
  • [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
  • [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
  • [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
  • [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
  • [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
  • [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
  • [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
  • [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14

Discovery 2023-03-08
Entry 2023-03-09
chromium
< 111.0.5563.64

ungoogled-chromium
< 111.0.5563.64

CVE-2023-1213
CVE-2023-1214
CVE-2023-1215
CVE-2023-1216
CVE-2023-1217
CVE-2023-1218
CVE-2023-1219
CVE-2023-1220
CVE-2023-1221
CVE-2023-1222
CVE-2023-1223
CVE-2023-1224
CVE-2023-1225
CVE-2023-1226
CVE-2023-1227
CVE-2023-1228
CVE-2023-1229
CVE-2023-1230
CVE-2023-1231
CVE-2023-1232
CVE-2023-1233
CVE-2023-1234
CVE-2023-1235
CVE-2023-1236
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
fd87a250-ff78-11ed-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 16 security fixes:

  • [1410191] High CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-25
  • [1443401] High CVE-2023-2930: Use after free in Extensions. Reported by asnine on 2023-05-08
  • [1444238] High CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-10
  • [1444581] High CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security on 2023-05-11
  • [1445426] High CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security and Nguyen Phuong on 2023-05-15
  • [1429720] High CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01
  • [1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27
  • [1443452] High CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-05-08
  • [1413813] Medium CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK on 2023-02-08
  • [1416350] Medium CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz on 2023-02-15
  • [1427431] Medium CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE on 2023-03-24
  • [1426807] Medium CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong on 2023-03-22
  • [1430269] Low CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane on 2023-04-04

Discovery 2023-05-30
Entry 2023-05-31
chromium
< 114.0.5735.90

ungoogled-chromium
< 114.0.5735.90

CVE-2023-2929
CVE-2023-2930
CVE-2023-2931
CVE-2023-2932
CVE-2023-2933
CVE-2023-2934
CVE-2023-2935
CVE-2023-2936
CVE-2023-2937
CVE-2023-2938
CVE-2023-2939
CVE-2023-2940
CVE-2023-2941
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
246174d3-e979-11ed-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 15 security fixes:

  • [1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10
  • [1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com on 2023-02-27
  • [1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06
  • [1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17
  • [1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10
  • [1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23
  • [1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10
  • [1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17
  • [1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07
  • [1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15

Discovery 2023-05-03
Entry 2023-05-03
chromium
< 113.0.5672.63

ungoogled-chromium
< 113.0.5672.63

CVE-2023-2459
CVE-2023-2460
CVE-2023-2461
CVE-2023-2462
CVE-2023-2463
CVE-2023-2464
CVE-2023-2465
CVE-2023-2466
CVE-2023-2467
CVE-2023-2468
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html
5666688f-803b-4cf0-9cb1-08c088f2225achromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 26 security fixes:

  • [1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24
  • [1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27
  • [1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14
  • [1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18
  • [1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07
  • [1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27
  • [1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12
  • [1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31
  • [1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30
  • [1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28
  • [1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20
  • [1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09
  • [1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07
  • [1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17
  • [1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14
  • [1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23
  • [1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13
  • [1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06
  • [1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02
  • [1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
  • [1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26

Discovery 2023-08-15
Entry 2023-08-17
chromium
< 116.0.5845.96

ungoogled-chromium
< 116.0.5845.96

CVE-2023-2312
CVE-2023-4349
CVE-2023-4350
CVE-2023-4351
CVE-2023-4352
CVE-2023-4353
CVE-2023-4354
CVE-2023-4355
CVE-2023-4356
CVE-2023-4357
CVE-2023-4358
CVE-2023-4359
CVE-2023-4360
CVE-2023-4361
CVE-2023-4362
CVE-2023-4363
CVE-2023-4364
CVE-2023-4365
CVE-2023-4366
CVE-2023-4367
CVE-2023-4368
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
22fffa69-46fa-11ee-8290-a8a1599412c6chromium -- use after free in MediaStream

Chrome Releases reports:

This update includes 1 security fix:

  • [1472492] High CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn) on 2023-08-12

Discovery 2023-08-29
Entry 2023-08-30
chromium
< 116.0.5845.140

ungoogled-chromium
< 116.0.5845.140

CVE-2023-4472
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_29.html
6f0327d4-9902-4042-9b68-6fc2266944bcchromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes:

  • [1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11

Discovery 2023-04-14
Entry 2023-04-15
chromium
< 112.0.5615.121

ungoogled-chromium
< 112.0.5615.121

CVE-2023-2033
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
0da4db89-84bf-11ee-8290-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31
  • [1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04

Discovery 2023-11-14
Entry 2023-11-16
chromium
< 119.0.6045.159

ungoogled-chromium
< 119.0.6045.159

qt5-webengine
< 5.15.16.p5

qt6-webengine
< 6.6.1

CVE-2023-5997
CVE-2023-6112
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
db33e250-74f7-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 2 security fixes:

  • [1491296] High CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦想改造家 on 2023-10-10

Discovery 2023-10-24
Entry 2023-10-27
chromium
< 118.0.5993.117

ungoogled-chromium
< 118.0.5993.117

CVE-2023-5472
https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_24.html
c8b334e0-6e83-4575-81d1-f9d5803ceb07chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 8 security fixes:

  • [1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07
  • [1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27
  • [1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27
  • [1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13
  • [1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03
  • [1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07
  • [1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08

Discovery 2023-03-21
Entry 2023-03-22
chromium
< 111.0.5563.110

ungoogled-chromium
< 111.0.5563.110

CVE-2023-1528
CVE-2023-1529
CVE-2023-1530
CVE-2023-1531
CVE-2023-1532
CVE-2023-1533
CVE-2023-1534
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
4405e9ad-97fe-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 10 security fixes:

  • [1497984] High CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564) on 2023-10-31
  • [1494565] High CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani on 2023-10-21
  • [1480152] Medium CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car] on 2023-09-08
  • [1478613] Low CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-09-04
  • [1457702] Low CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip on 2023-06-24

Discovery 2023-12-05
Entry 2023-12-11
chromium
< 120.0.6099.62

ungoogled-chromium
< 120.0.6099.62

qt5-webengine
< 5.15.16.p5_2

qt6-webengine
< 6.6.1_1

CVE-2023-6508
CVE-2023-6509
CVE-2023-6510
CVE-2023-6511
CVE-2023-6512
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
1bc07be0-b514-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06
  • [1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03
  • [1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11

Discovery 2024-01-16
Entry 2024-01-17
chromium
< 120.0.6099.224

ungoogled-chromium
< 120.0.6099.224

CVE-2024-0517
CVE-2024-0518
CVE-2024-0519
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
3ee577a9-aad4-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 6 security fixes:

  • [1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13
  • [1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24
  • [1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25
  • [1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01

Discovery 2024-01-03
Entry 2024-01-04
chromium
< 120.0.6099.199

ungoogled-chromium
< 120.0.6099.199

CVE-2024-0222
CVE-2024-0223
CVE-2024-0224
CVE-2024-0225
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html
2f22927f-26ea-11ee-8290-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 20 security fixes:

  • [1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12
  • [1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23
  • [1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09
  • [1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02
  • [1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31
  • [1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01
  • [1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29
  • [1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19
  • [1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2023-05-19
  • [1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18
  • [1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06

Discovery 2023-07-19
Entry 2023-07-20
chromium
< 115.0.5790.98

ungoogled-chromium
< 115.0.5790.98

CVE-2023-3727
CVE-2023-3728
CVE-2023-3730
CVE-2023-3732
CVE-2023-3733
CVE-2023-3734
CVE-2023-3735
CVE-2023-3736
CVE-2023-3737
CVE-2023-3738
CVE-2023-3740
https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html
fd3401a1-b6df-4577-917a-2c22fee99d34chromium -- multiple security fixes

Chrome Releases reports:

This update includes 3 security fixes:

  • [325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19
  • [325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19
  • [325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20

Discovery 2024-03-05
Entry 2024-03-06
chromium
< 122.0.6261.111

ungoogled-chromium
< 122.0.6261.111

CVE-2024-2173
CVE-2024-2174
CVE-2024-2176
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
4edbea45-cb0c-11ee-86bb-a8a1599412c6chromium -- security fix

Chrome Releases reports:

This update includes 1 security fix.


Discovery 2024-02-13
Entry 2024-02-14
chromium
< 121.0.6167.184

ungoogled-chromium
< 121.0.6167.184

https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_13.html
31bb1b8d-d6dc-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11
  • [323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05

Discovery 2024-02-27
Entry 2024-02-29
chromium
< 122.0.6261.94

ungoogled-chromium
< 122.0.6261.94

CVE-2024-1938
CVE-2024-1939
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html
2a470712-d351-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 12 security fixes:

  • [41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26
  • [41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06
  • [41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03
  • [41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19
  • [41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11
  • [40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27
  • [41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko on 2023-12-21
  • [40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21

Discovery 2024-02-20
Entry 2024-02-24
chromium
< 122.0.6261.57

ungoogled-chromium
< 122.0.6261.57

https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html
814af1be-ec63-11ee-8e76-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 7 security fixes:

  • [327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03
  • [328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11
  • [330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024 on 2024-03-21
  • [330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024 on 2024-03-21

Discovery 2024-03-26
Entry 2024-03-27
chromium
< 123.0.6312.86

ungoogled-chromium
< 123.0.6312.86

CVE-2024-2883
CVE-2024-2885
CVE-2024-2886
CVE-2024-2887
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_26.html
dc9e5237-c197-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 4 security fixes:

  • [1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14
  • [1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29
  • [1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13

Discovery 2024-01-30
Entry 2024-02-02
chromium
< 121.0.6167.139

ungoogled-chromium
< 121.0.6167.139

qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_5

CVE-2024-1060
CVE-2024-1059
CVE-2024-1077
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html
72d6d757-c197-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 17 security fixes:

  • [1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19
  • [1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24
  • [1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26
  • [1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11
  • [1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30
  • [1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家 on 2023-11-25
  • [1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01
  • [1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03
  • [1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21
  • [1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31

Discovery 2024-01-23
Entry 2024-02-02
chromium
< 121.0.6167.85

ungoogled-chromium
< 121.0.6167.85

CVE-2024-0812
CVE-2024-0808
CVE-2024-0810
CVE-2024-0814
CVE-2024-0813
CVE-2024-0806
CVE-2024-0805
CVE-2024-0804
CVE-2024-0811
CVE-2024-0809
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html
19047673-c680-11ee-86bb-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 3 security fixes:

  • [41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25
  • [41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25

Discovery 2024-02-06
Entry 2024-02-08
chromium
< 121.0.6167.160

ungoogled-chromium
< 121.0.6167.160

qt5-webengine
< 5.15.16.p5_5

qt6-webengine
< 6.6.1_5

CVE-2024-1284
CVE-2024-1283
https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html
80815c47-e84f-11ee-8e76-a8a1599412c6chromium -- multiple security fixes

Chrome Releases reports:

This update includes 12 security fixes:

  • [327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01
  • [40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22
  • [41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21
  • [41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03
  • [41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02
  • [41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07
  • [41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29

Discovery 2024-03-19
Entry 2024-03-22
chromium
< 123.0.6312.58

ungoogled-chromium
< 123.0.6312.58

CVE-2024-2625
CVE-2024-2626
CVE-2024-2627
CVE-2024-2628
CVE-2024-2629
CVE-2024-2630
CVE-2024-2631
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html