CVE-2023-4863
Published: 12 September 2023
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Notes
Author | Note |
---|---|
alexmurray | The Debian chromium source package is called chromium-browser in Ubuntu |
mdeslaur | starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
xenial |
Ignored
(end of standard support)
|
|
bionic |
Ignored
(end of standard support)
|
|
focal |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
lunar |
Not vulnerable
(code not present)
|
|
upstream |
Released
|
|
libwebp Launchpad, Ubuntu, Debian |
trusty |
Needs triage
|
xenial |
Needs triage
|
|
bionic |
Released
(0.6.1-2ubuntu0.18.04.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
focal |
Released
(0.6.1-2ubuntu0.20.04.3)
|
|
jammy |
Released
(1.2.2-2ubuntu0.22.04.2)
|
|
lunar |
Released
(1.2.4-0.1ubuntu0.23.04.2)
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a (main) upstream: https://github.com/webmproject/libwebp/commit/8bacd63a6de1cc091f85a1692390401e7bbf55ac (1.2.4) upstream: https://github.com/webmproject/libwebp/commit/801d2be12dba966233c21f850490203eb1acf014 (1.2.2) |
||
firefox Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
xenial |
Ignored
(end of standard support)
|
|
bionic |
Ignored
(end of standard support)
|
|
focal |
Released
(117.0.1+build2-0ubuntu0.20.04.1)
|
|
jammy |
Not vulnerable
(code not present)
|
|
lunar |
Not vulnerable
(code not present)
|
|
upstream |
Released
(117.0.1)
|
|
thunderbird Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
xenial |
Ignored
(end of standard support)
|
|
bionic |
Ignored
(end of standard support)
|
|
focal |
Released
(1:102.15.1+build1-0ubuntu0.20.04.1)
|
|
jammy |
Released
(1:102.15.1+build1-0ubuntu0.22.04.1)
|
|
lunar |
Released
(1:102.15.1+build1-0ubuntu0.23.04.1)
|
|
upstream |
Released
(115.2.2)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
- https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
- https://ubuntu.com/security/notices/USN-6367-1
- https://ubuntu.com/security/notices/USN-6368-1
- https://ubuntu.com/security/notices/USN-6369-1
- https://blog.isosceles.com/the-webp-0day/
- https://ubuntu.com/security/notices/USN-6369-2
- NVD
- Launchpad
- Debian