Important Notice: Security Vulnerabilities of Google Chrome

重要通知 : 關於 Google Chrome瀏覽器的安全漏洞通告

 2023-04-06     ICTO     Bulletin / 公告    (Expired/已過期)

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have issued a security vulnerability notice about Chrome. Attackers can use the vulnerabilities to cause memory overflow of the target system, then leak information or execute arbitrary code remotely. Please be reminded to update the system as soon as possible if you are using the affected products. 

Related vulnerabilities

  1. CVE-2023-1810

Heap buffer overflow vulnerability in Visuals component.

  1. CVE-2023-1811

Use-after-free vulnerability in Frames component.

  1. CVE-2023-1812

Out-of-bounds memory access vulnerability in DOM Bindings component.

  1. CVE-2023-1813

Improper settings issue in Extensions component.

  1. CVE-2023-1814

Insufficient validation of user input in Safe Browsing component.

  1. CVE-2023-1815

Use-after-free vulnerability in Networking APIs component.

  1. CVE-2023-1816

Insecure UI settings in Picture In Picture component.

  1. CVE-2023-1817

Security rule settings problem in Intents component.

  1. CVE-2023-1818

Use-after-free vulnerability in Vulkan components.

  1. CVE-2023-1819

Out-of-bounds read vulnerability in Accessibility component.

  1. CVE-2023-1820

Heap buffer overflow vulnerability in Browser History component.

  1. CVE-2023-1821

Improper settings issue in WebShare component.

  1. CVE-2023-1822

Insecure UI settings in Navigation component.

  1. CVE-2023-1823

Improper settings issue in FedCM component.

  1. Other unlisted vulnerabilities

 

Affected Products

Google Chrome version lower than 112.0.5615.49

For more details, please refer to: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

 

Mitigation

If the above-mentioned affected products are being used, please update the Google Chrome as soon as possible.

 

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Google官方發佈關於Chrome瀏覽器的多個安全漏洞,攻擊者利用這些漏洞可以造成目標系統的内存溢出,繼而洩露資訊或遠端執行任意程式碼。倘有使用受影響產品,請儘快對系統作出更新。

相關漏洞詳情

  1. CVE-2023-1810

Visuals組件中存在堆緩衝區溢出漏洞。

  1. CVE-2023-1811

Frames組件中存在釋放後使用漏洞。

  1. CVE-2023-1812

DOM Bindings組件中存在越界記憶體訪問漏洞。

  1. CVE-2023-1813

Extensions組件中存在不當設置問題。

  1. CVE-2023-1814

Safe Browsing組件對用戶輸入驗證不足漏洞。

  1. CVE-2023-1815

Networking APIs組件中存在釋放後使用漏洞。

  1. CVE-2023-1816

Picture In Picture組件中存在不安全的UI設置。

  1. CVE-2023-1817

Intents組件中存在安全規則設置問題。

  1. CVE-2023-1818

Vulkan組件中存在釋放後使用漏洞。

  1. CVE-2023-1819

Accessibility組件中存在越界讀取漏洞。

  1. CVE-2023-1820

Browser History組件中存在堆緩衝區溢出漏洞。

  1. CVE-2023-1821

WebShare組件中存在不當設置問題。

  1. CVE-2023-1822

Navigation組件中存在不安全的UI設置。

  1. CVE-2023-1823

FedCM組件中存在不當設置問題。

  1. 其他未有公開列出之漏洞

 

受影響版本

Google Chrome版本低於 112.0.5615.49

有關詳情可參考:https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

 

處置建議

倘有使用上述受影響產品,須盡快安排更新Google Chrome瀏覽器。

 

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。


位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部