CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2023-2934 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2934
30 May 2023 — Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) During a Mojo IPC method call, there are multiple stages of validation and deserialization that take place. These assume that the contents of the message cannot be modified during the deserialization process, but the new core_ipcz implementation returns message contents directly in shared memory. • https://packetstorm.news/files/id/173259 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2933 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2933
30 May 2023 — Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2932 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2932
30 May 2023 — Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2931 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2931
30 May 2023 — Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2930 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2930
30 May 2023 — Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2023-2929 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2929
30 May 2023 — Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2726 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2726
16 May 2023 — Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2725 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2725
16 May 2023 — Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 1CVE-2023-2724 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2724
16 May 2023 — Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://packetstorm.news/files/id/173131 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2723 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-2723
16 May 2023 — Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •