Ubuntu 6283 Published by

A Chromium security update has been released for Ubuntu Linux 18.04 LTS



USN-5881-1: Chromium vulnerabilities


==========================================================================
Ubuntu Security Notice USN-5881-1
February 21, 2023

chromium-browser vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Chromium.

Software Description:
- chromium-browser: Chromium web browser, open-source version of Chrome

Details:

It was discovered that Chromium did not properly manage memory. A remote
attacker could possibly use these issues to cause a denial of service or
execute arbitrary code via a crafted HTML page. (CVE-2023-0471,
CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699,
CVE-2023-0702, CVE-2023-0705)

It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to install a malicious extension could
possibly use this issue to corrupt memory via a Chrome web app.
(CVE-2023-0474)

It was discovered that Chromium contained an inappropriate implementation
in the Download component. A remote attacker could possibly use this issue
to spoof contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-0700)

It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to engage in specific UI interactions could
possibly use these issues to cause a denial of service or execute
arbitrary code. (CVE-2023-0701, CVE-2023-0703)

It was discovered that Chromium insufficiently enforced policies. A remote
attacker could possibly use this issue to bypass same origin policy and
proxy settings via a crafted HTML page. (CVE-2023-0704)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
chromium-browser 110.0.5481.100-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-5881-1
CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474,
CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700,
CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704,
CVE-2023-0705

Package Information:
https://launchpad.net/ubuntu/+source/chromium-browser/110.0.5481.100-0ubuntu0.18.04.1