WID-SEC-W-2023-2305
Vulnerability from csaf_certbund
Published
2023-09-11 22:00
Modified
2024-02-20 23:00
Summary
Google Chrome / Microsoft Edge: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Internet-Browser von Microsoft.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Google Chrome / Microsoft Edge ausnutzen, um beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2305 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2305.json" }, { "category": "self", "summary": "WID-SEC-2023-2305 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2305" }, { "category": "external", "summary": "Google Chrome Stable Channel Update for Desktop vom 2023-09-11", "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html" }, { "category": "external", "summary": "Microsoft Leitfaden f\u00fcr Sicherheiztsupdates vom 2023-09-12", "url": "https://msrc.microsoft.com/update-guide/" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-D5FAEDE1D6 vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d5faede1d6" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-F8319BD876 vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8319bd876" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-C4FA8A204D vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c4fa8a204d" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-3388038193 vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3388038193" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-788F9BBB3F vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-788f9bbb3f" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-32FA4259F4 vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-32fa4259f4" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9A6FD7A504 vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-3D1935DC6A vom 2023-09-13", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d1935dc6a" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-0DE0929147 vom 2023-09-17", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de0929147" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5185 vom 2023-09-18", "url": "https://access.redhat.com/errata/RHSA-2023:5185" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-A33B8C01E7 vom 2023-09-18", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-a33b8c01e7" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5222 vom 2023-09-19", "url": "https://access.redhat.com/errata/RHSA-2023:5222" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5214 vom 2023-09-19", "url": "https://access.redhat.com/errata/RHSA-2023:5214" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5309 vom 2023-09-20", "url": "https://access.redhat.com/errata/RHSA-2023:5309" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-5309 vom 2023-09-20", "url": "https://linux.oracle.com/errata/ELSA-2023-5309.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2023-5214 vom 2023-09-20", "url": "http://linux.oracle.com/errata/ELSA-2023-5214.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-DA064561FA vom 2023-09-24", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-da064561fa" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3" }, { "category": "external", "summary": "Important release of LibreOffice", "url": "https://blog.documentfoundation.org/blog/2023/09/26/lo-762-and-lo-757/" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6369-2 vom 2023-09-28", "url": "https://ubuntu.com/security/notices/USN-6369-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2023:3829-1 vom 2023-09-27", "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016363.html" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-E692A72898 vom 2023-09-28", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-e692a72898" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-9108CDA47C vom 2023-09-28", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-9108cda47c" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-2A0668FE43 vom 2023-09-28", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-2a0668fe43" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-0CD03C3746 vom 2023-09-30", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0cd03c3746" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-C890266D3F vom 2023-09-30", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-c890266d3f" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-2023-D66A01AD4F vom 2023-09-30", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d66a01ad4f" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78" }, { "category": "external", "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30", "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20230929-0011 vom 2023-09-29", "url": "https://security.netapp.com/advisory/ntap-20230929-0011/" }, { "category": "external", "summary": "Elastic Security Announcement ESA-2023-19 vom 2023-10-10", "url": "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2023-2290 vom 2023-10-20", "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2290.html" }, { "category": "external", "summary": "WatchGuard Security Advisory WGSA-2023-00008 vom 2023-11-01", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00008" }, { "category": "external", "summary": "Dell Security Advisory DSA-2023-396 vom 2023-12-06", "url": "https://www.dell.com/support/kbdoc/000218770/dsa-2023-=" }, { "category": "external", "summary": "HP Security Bulletin HPSBPI03916 vom 2024-02-13", "url": "https://support.hp.com/us-en/document/ish_10173649-10204798-16/HPSBPI03916" } ], "source_lang": "en-US", "title": "Google Chrome / Microsoft Edge: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung", "tracking": { "current_release_date": "2024-02-20T23:00:00.000+00:00", "generator": { "date": "2024-02-21T11:06:38.970+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2305", "initial_release_date": "2023-09-11T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-11T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-09-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates aufgenommen" }, { "date": "2023-09-13T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-09-17T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-09-18T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat und Fedora aufgenommen" }, { "date": "2023-09-20T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2023-09-24T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-09-26T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates aufgenommen" }, { "date": "2023-09-27T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Ubuntu und SUSE aufgenommen" }, { "date": "2023-09-28T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Fedora aufgenommen" }, { "date": "2023-10-01T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Fedora und NetApp aufgenommen" }, { "date": "2023-10-10T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Elastic aufgenommen" }, { "date": "2023-10-19T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2023-11-01T23:00:00.000+00:00", "number": "14", "summary": "Neue Updates von WatchGuard aufgenommen" }, { "date": "2023-12-05T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Dell aufgenommen" }, { "date": "2024-02-20T23:00:00.000+00:00", "number": "16", "summary": "Neue Updates von HP aufgenommen" } ], "status": "final", "version": "16" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Dell Computer", "product": { "name": "Dell Computer", "product_id": "T006498", "product_identification_helper": { "cpe": "cpe:/o:dell:dell_computer:-" } } } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "Fedora Linux", "product": { "name": "Fedora Linux", "product_id": "74185", "product_identification_helper": { "cpe": "cpe:/o:fedoraproject:fedora:-" } } } ], "category": "vendor", "name": "Fedora" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 116.0.5845.187", "product": { "name": "Google Chrome \u003c 116.0.5845.187", "product_id": "T029774", "product_identification_helper": { "cpe": "cpe:/a:google:chrome:116.0.5845.187" } } }, { "category": "product_version_range", "name": "\u003c 116.0.5845.188", "product": { "name": "Google Chrome \u003c 116.0.5845.188", "product_id": "T029775", "product_identification_helper": { "cpe": "cpe:/a:google:chrome:116.0.5845.188" } } } ], "category": "product_name", "name": "Chrome" } ], "category": "vendor", "name": "Google" }, { "branches": [ { "category": "product_name", "name": "HP LaserJet", "product": { "name": "HP LaserJet", "product_id": "T029061", "product_identification_helper": { "cpe": "cpe:/h:hp:laserjet:-" } } } ], "category": "vendor", "name": "HP" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 116.0.1938.81", "product": { "name": "Microsoft Edge \u003c 116.0.1938.81", "product_id": "T029787", "product_identification_helper": { "cpe": "cpe:/a:microsoft:edge:116.0.1938.81" } } } ], "category": "product_name", "name": "Edge" } ], "category": "vendor", "name": "Microsoft" }, { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T026333", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 8.10.3", "product": { "name": "Open Source Kibana \u003c 8.10.3", "product_id": "T030371", "product_identification_helper": { "cpe": "cpe:/a:elasticsearch:kibana:8.10.3" } } }, { "category": "product_version_range", "name": "\u003c 7.17.14", "product": { "name": "Open Source Kibana \u003c 7.17.14", "product_id": "T030372", "product_identification_helper": { "cpe": "cpe:/a:elasticsearch:kibana:7.17.14" } } } ], "category": "product_name", "name": "Kibana" }, { "branches": [ { "category": "product_version_range", "name": "\u003c 7.6.2", "product": { "name": "Open Source LibreOffice \u003c 7.6.2", "product_id": "T030072", "product_identification_helper": { "cpe": "cpe:/a:libreoffice:libreoffice:7.6.2" } } }, { "category": "product_version_range", "name": "\u003c 7.5.7", "product": { "name": "Open Source LibreOffice \u003c 7.5.7", "product_id": "T030073", "product_identification_helper": { "cpe": "cpe:/a:libreoffice:libreoffice:7.5.7" } } } ], "category": "product_name", "name": "LibreOffice" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" }, { "branches": [ { "category": "product_name", "name": "WatchGuard Firebox", "product": { "name": "WatchGuard Firebox", "product_id": "T030882", "product_identification_helper": { "cpe": "cpe:/a:watchguard:firebox:-" } } } ], "category": "vendor", "name": "WatchGuard" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5129", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Puffer\u00fcberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er einen Benutzer zum Besuch einer b\u00f6sartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T006498", "T030882", "T002207", "67646", "T000126", "T029061", "398363", "T004914", "T030372", "T030371", "74185", "T026333" ] }, "release_date": "2023-09-11T22:00:00Z", "title": "CVE-2023-5129" }, { "cve": "CVE-2023-4863", "notes": [ { "category": "description", "text": "Es besteht eine Schwachstelle in Google Chrome / Microsoft Edge. Dieser Fehler besteht in der WebP-Komponente aufgrund eines Heap-Puffer\u00fcberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Code auszuf\u00fchren, indem er einen Benutzer zum Besuch einer b\u00f6sartigen Website verleitet. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion." } ], "product_status": { "known_affected": [ "T006498", "T030882", "T002207", "67646", "T000126", "T029061", "398363", "T004914", "T030372", "T030371", "74185", "T026333" ] }, "release_date": "2023-09-11T22:00:00Z", "title": "CVE-2023-4863" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.