Important Notice: Security Vulnerabilities of Google Chrome
mandykmun | 2023-05-06T00:00:20+08:00 | Information Security Alert
To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google has issued a security vulnerability notice about Chrome. Attackers can exploit these vulnerabilities to cause memory overflow on the target system, and then leak information or execute arbitrary code remotely. If you are using the affected products, please update the system as soon as possible.
Related vulnerabilities
- CVE-2023-1810: Heap buffer overflow vulnerability in Visuals component.
- CVE-2023-1811: Use-after-free vulnerability in Frames component.
- CVE-2023-1812: Out-of-bounds memory access vulnerability in DOM Bindings component.
- CVE-2023-1813: Improper settings issue in Extensions component.
- CVE-2023-1814: Insufficient validation of user input in Safe Browsing component.
- CVE-2023-1815: Use-after-free vulnerability in Networking APIs component.
- CVE-2023-1816: Insecure UI settings in Picture In Picture component.
- CVE-2023-1817: Security rule settings problem in Intents component.
- CVE-2023-1818: Use-after-free vulnerability in Vulkan component.
- CVE-2023-1819: Out-of-bounds read vulnerability in Accessibility component.
- CVE-2023-1820: Heap buffer overflow vulnerability in Browser History component.
- CVE-2023-1821: Improper settings issue in WebShare component.
- CVE-2023-1822: Insecure UI settings in Navigation component.
- CVE-2023-1823: Improper settings issue in FedCM component.
- Other unlisted vulnerabilities
Affected Products
Google Chrome versions lower than 112.0.5615.49
For more details, please refer to: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
Mitigation
If the above-mentioned affected products are being used, please update Google Chrome as soon as possible.
Reference
- How to download and install software in a secure manner?
- Basic Knowledge of Online Safety and Security
- Other Information Security Tips
Should you have any enquiries, please feel free to contact the ICTO Help Desk.
ICTO Help Desk
Location: Room 2085, 2/F, Central Teaching Building (E5)
Telephone: 8822 8600
Email: icto.helpdesk@um.edu.mo
Information and Communication Technology Office