CVE-2023-7024 – Google Chromium WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-7024
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de búfer de almacenamiento dinámico en WebRTC en Google Chrome anterior a 120.0.6099.129 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome. • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html https://crbug.com/1513170 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5585 • CWE-787: Out-of-bounds Write •
CVE-2023-3742
https://notcve.org/view.php?id=CVE-2023-3742
Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) La aplicación insuficiente de políticas en ADB en Google Chrome en ChromeOS anterior a 114.0.5735.90 permitió a un atacante local omitir las restricciones de políticas del dispositivo mediante acceso físico al dispositivo. (Severidad de seguridad de Chrome: alta) • https://bugs.chromium.org/p/chromium/issues/detail?id=1443292 https://crbug.com/1443292 •
CVE-2023-6702
https://notcve.org/view.php?id=CVE-2023-6702
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La confusión de tipos en V8 en Google Chrome anterior a 120.0.6099.109 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://github.com/kaist-hacking/CVE-2023-6702 https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html https://crbug.com/1501326 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI https://security.gentoo.org/glsa/202401-34 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-6703
https://notcve.org/view.php?id=CVE-2023-6703
Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use After Free en Blink en Google Chrome anterior a 120.0.6099.109 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html https://crbug.com/1502102 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI https://security.gentoo.org/glsa/202401-34 • CWE-416: Use After Free •
CVE-2023-6705
https://notcve.org/view.php?id=CVE-2023-6705
Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use After Free en WebRTC en Google Chrome anterior a 120.0.6099.109 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html https://crbug.com/1505708 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI https://security.gentoo.org/glsa/202401-34 • CWE-416: Use After Free •