FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6b04476f-601c-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 10 security fixes, including:

  • [1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24
  • [1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10
  • [1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08
  • [1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16
  • [1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01
  • [1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01

Discovery 2022-11-08
Entry 2022-11-09
chromium
< 107.0.5304.110

ungoogled-chromium
< 107.0.5304.110

CVE-2022-3885
CVE-2022-3886
CVE-2022-3887
CVE-2022-3888
CVE-2022-3889
CVE-2022-3890
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
7b929503-911d-11ed-a925-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 17 security fixes, including:

  • [1353208] High CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-08-16
  • [1382033] High CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine on 2022-11-07
  • [1370028] Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh on 2022-09-30
  • [1357366] Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK on 2022-08-28
  • [1371215] Medium CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia) on 2022-10-05
  • [1375132] Medium CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz on 2022-10-17
  • [1385709] Medium CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-17
  • [1385831] Medium CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy) on 2022-11-18
  • [1356987] Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong on 2022-08-26
  • [1399904] Medium CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L. on 2022-12-10
  • [1346675] Low CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau on 2022-07-23
  • [1367632] Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong on 2022-09-24
  • [1326788] Low CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au on 2022-05-18
  • [1362331] Low CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet on 2022-09-12

Discovery 2023-01-10
Entry 2023-01-10
chromium
< 109.0.5414.74

ungoogled-chromium
< 109.0.5414.74

CVE-2023-0128
CVE-2023-0129
CVE-2023-0130
CVE-2023-0131
CVE-2023-0132
CVE-2023-0133
CVE-2023-0134
CVE-2023-0135
CVE-2023-0136
CVE-2023-0137
CVE-2023-0138
CVE-2023-0139
CVE-2023-0140
CVE-2023-0141
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html
83eb9374-7b97-11ed-be8f-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 8 security fixes, including:

  • [1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15
  • [1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30
  • [1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07
  • [1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22
  • [1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09

Discovery 2022-12-13
Entry 2022-12-14
chromium
< 108.0.5359.124

ungoogled-chromium
< 108.0.5359.124

CVE-2022-4436
CVE-2022-4437
CVE-2022-4438
CVE-2022-4439
CVE-2022-4440
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
c8b334e0-6e83-4575-81d1-f9d5803ceb07chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 8 security fixes:

  • [1421773] High CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University on 2023-03-07
  • [1419718] High CVE-2023-1529: Out of bounds memory access in WebHID. Reported by anonymous on 2023-02-27
  • [1419831] High CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC) on 2023-02-27
  • [1415330] High CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos on 2023-02-13
  • [1421268] High CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero on 2023-03-03
  • [1422183] High CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI on 2023-03-07
  • [1422594] High CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero on 2023-03-08

Discovery 2023-03-21
Entry 2023-03-22
chromium
< 111.0.5563.110

ungoogled-chromium
< 111.0.5563.110

CVE-2023-1528
CVE-2023-1529
CVE-2023-1530
CVE-2023-1531
CVE-2023-1532
CVE-2023-1533
CVE-2023-1534
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html
8d3838b0-6ca8-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 1 security fix:

  • [1392715] High CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22

Google is aware that an exploit for CVE-2022-4135 exists in the wild.


Discovery 2022-11-24
Entry 2022-11-25
chromium
< 107.0.5304.121

ungoogled-chromium
< 107.0.5304.121

CVE-2022-4135
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
3d0a3eb0-9ca3-11ed-a925-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 6 security fixes, including:

  • [1376354] High CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564) on 2022-10-19
  • [1405256] High CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-01-06
  • [1404639] Medium CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab on 2023-01-03
  • [1400841] Medium CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L on 2022-12-14

Discovery 2023-01-24
Entry 2023-01-25
chromium
< 109.0.5414.119

ungoogled-chromium
< 109.0.5414.119

CVE-2023-0471
CVE-2023-0472
CVE-2023-0473
CVE-2023-0474
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html
d357f6bb-0af4-4ac9-b096-eeec183ad829chromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 40 security fixes:

  • [1411210] High CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-01-30
  • [1412487] High CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-02-03
  • [1417176] High CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous on 2023-02-17
  • [1417649] High CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-02-21
  • [1412658] High CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab on 2023-02-03
  • [1413628] High CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous on 2023-02-07
  • [1415328] High CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero on 2023-02-13
  • [1417185] High CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero on 2023-02-17
  • [1385343] Medium CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry on 2022-11-16
  • [1403515] Medium CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564) on 2022-12-24
  • [1398579] Medium CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-12-07
  • [1403539] Medium CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita on 2022-12-25
  • [1408799] Medium CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft on 2023-01-20
  • [1013080] Medium CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous on 2019-10-10
  • [1348791] Medium CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel on 2022-07-31
  • [1365100] Medium CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong on 2022-09-18
  • [1160485] Medium CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita on 2020-12-20
  • [1404230] Medium CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong on 2022-12-30
  • [1274887] Medium CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave on 2021-11-30
  • [1346924] Low CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta on 2022-07-24
  • [1045681] Low CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami on 2020-01-25
  • [1404621] Low CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-01-03
  • [1404704] Low CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-03
  • [1374518] Low CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz on 2022-10-14

Discovery 2023-03-08
Entry 2023-03-09
chromium
< 111.0.5563.64

ungoogled-chromium
< 111.0.5563.64

CVE-2023-1213
CVE-2023-1214
CVE-2023-1215
CVE-2023-1216
CVE-2023-1217
CVE-2023-1218
CVE-2023-1219
CVE-2023-1220
CVE-2023-1221
CVE-2023-1222
CVE-2023-1223
CVE-2023-1224
CVE-2023-1225
CVE-2023-1226
CVE-2023-1227
CVE-2023-1228
CVE-2023-1229
CVE-2023-1230
CVE-2023-1231
CVE-2023-1232
CVE-2023-1233
CVE-2023-1234
CVE-2023-1235
CVE-2023-1236
https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
5f7ed6ea-70a7-11ed-92ce-3065ec8fd3ecchromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 28 security fixes, including:

  • [1379054] High CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2022-10-27
  • [1381401] High CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2022-11-04
  • [1361066] High CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel on 2022-09-08
  • [1379242] High CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-28
  • [1376099] High CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2022-10-18
  • [1377783] High CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero on 2022-10-24
  • [1378564] High CVE-2022-4180: Use after free in Mojo. Reported by Anonymous on 2022-10-26
  • [1382581] High CVE-2022-4181: Use after free in Forms. Reported by Aviv A. on 2022-11-09
  • [1368739] Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth on 2022-09-28
  • [1251790] Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers on 2021-09-22
  • [1358647] Medium CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2022-09-01
  • [1373025] Medium CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) on 2022-10-10
  • [1377165] Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_) on 2022-10-21
  • [1381217] Medium CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong on 2022-11-04
  • [1340879] Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien) on 2022-06-30
  • [1344647] Medium CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK on 2022-07-15
  • [1378997] Medium CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong on 2022-10-27
  • [1373941] Medium CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori on 2022-10-12
  • [1344514] Medium CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci on 2022-07-14
  • [1354518] Medium CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong on 2022-08-19
  • [1370562] Medium CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous on 2022-10-03
  • [1371926] Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft on 2022-10-06

Discovery 2022-11-29
Entry 2022-11-30
chromium
< 108.0.5359.71

ungoogled-chromium
< 108.0.5359.71

CVE-2022-4174
CVE-2022-4175
CVE-2022-4176
CVE-2022-4177
CVE-2022-4178
CVE-2022-4179
CVE-2022-4180
CVE-2022-4181
CVE-2022-4182
CVE-2022-4183
CVE-2022-4184
CVE-2022-4185
CVE-2022-4186
CVE-2022-4187
CVE-2022-4188
CVE-2022-4189
CVE-2022-4190
CVE-2022-4191
CVE-2022-4192
CVE-2022-4193
CVE-2022-4194
CVE-2022-4195
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html
310ca30e-a951-11ed-8314-a8a1599412c6chromium -- multiple vulnerabilities

Chrome Releases reports:

This release contains 15 security fixes, including:

  • [1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18
  • [1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03
  • [1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25
  • [1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06
  • [1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26
  • [1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05
  • [1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14
  • [1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07
  • [1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18
  • [1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11

Discovery 2023-02-07
Entry 2023-02-10
chromium
< 110.0.5481.77

ungoogled-chromium
< 110.0.5481.77

CVE-2023-0696
CVE-2023-0697
CVE-2023-0698
CVE-2023-0699
CVE-2023-0700
CVE-2023-0701
CVE-2023-0702
CVE-2023-0703
CVE-2023-0704
CVE-2023-0705
https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html
2899da38-7300-11ed-92ce-3065ec8fd3ecchromium -- Type confusion in V8

Chrome Releases reports:

This release contains 1 security fix:

  • [1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-29

Google is aware that an exploit for CVE-2022-4262 exists in the wild.


Discovery 2022-12-02
Entry 2022-12-03
chromium
< 108.0.5359.94

ungoogled-chromium
< 108.0.5359.94

CVE-2022-4262
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
4d6b5ea9-bc64-4e77-a7ee-d62ba68a80ddchromium -- multiple vulnerabilities

Chrome Releases reports:

This update includes 10 security fixes:

  • [1415366] Critical CVE-2023-0941: Use after free in Prompts. Reported by Anonymous on 2023-02-13
  • [1414738] High CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI on 2023-02-10
  • [1309035] High CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous on 2022-03-22
  • [1399742] High CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2022-12-09
  • [1410766] High CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-27
  • [1407701] High CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564) on 2023-01-17
  • [1413005] High CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security) on 2023-02-05
  • [1404864] Medium CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN

Discovery 2023-02-22
Entry 2023-02-22
chromium
< 110.0.5481.177

ungoogled-chromium
< 110.0.5481.177

CVE-2023-0941
CVE-2023-0927
CVE-2023-0928
CVE-2023-0929
CVE-2023-0930
CVE-2023-0931
CVE-2023-0932
CVE-2023-0933
https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html