CVE-2023-4863
Published: 12 September 2023
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Notes
| Author | Note |
|---|---|
| alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
| mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| lunar |
Not vulnerable
(code not present)
|
|
| upstream |
Released
|
|
|
libwebp Launchpad, Ubuntu, Debian |
trusty |
Needs triage
|
| xenial |
Needs triage
|
|
| bionic |
Released
(0.6.1-2ubuntu0.18.04.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| focal |
Released
(0.6.1-2ubuntu0.20.04.3)
|
|
| jammy |
Released
(1.2.2-2ubuntu0.22.04.2)
|
|
| lunar |
Released
(1.2.4-0.1ubuntu0.23.04.2)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a (main) upstream: https://github.com/webmproject/libwebp/commit/8bacd63a6de1cc091f85a1692390401e7bbf55ac (1.2.4) upstream: https://github.com/webmproject/libwebp/commit/801d2be12dba966233c21f850490203eb1acf014 (1.2.2) |
||
|
firefox Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Released
(117.0.1+build2-0ubuntu0.20.04.1)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| lunar |
Not vulnerable
(code not present)
|
|
| upstream |
Released
(117.0.1)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| xenial |
Ignored
(end of standard support)
|
|
| bionic |
Ignored
(end of standard support)
|
|
| focal |
Released
(1:102.15.1+build1-0ubuntu0.20.04.1)
|
|
| jammy |
Released
(1:102.15.1+build1-0ubuntu0.22.04.1)
|
|
| lunar |
Released
(1:102.15.1+build1-0ubuntu0.23.04.1)
|
|
| upstream |
Released
(115.2.2)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
- https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
- https://ubuntu.com/security/notices/USN-6367-1
- https://ubuntu.com/security/notices/USN-6368-1
- https://ubuntu.com/security/notices/USN-6369-1
- https://blog.isosceles.com/the-webp-0day/
- https://ubuntu.com/security/notices/USN-6369-2
- NVD
- Launchpad
- Debian