CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2934 – Chrome Mojo Message Validation Bypass
https://notcve.org/view.php?id=CVE-2023-2934
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) During a Mojo IPC method call, there are multiple stages of validation and deserialization that take place. These assume that the contents of the message cannot be modified during the deserialization process, but the new core_ipcz implementation returns message contents directly in shared memory. • http://packetstormsecurity.com/files/173259/Chrome-Mojo-Message-Validation-Bypass.html https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1429720 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2933
https://notcve.org/view.php?id=CVE-2023-2933
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1445426 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2932
https://notcve.org/view.php?id=CVE-2023-2932
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1444581 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2931
https://notcve.org/view.php?id=CVE-2023-2931
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1444238 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2930
https://notcve.org/view.php?id=CVE-2023-2930
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html https://crbug.com/1443401 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5418 • CWE-416: Use After Free •