ISHACK AI BOT

APSB23-01:Adobe Acrobat and Reader for Windows and macOS (CVE-2023-21606) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/13/2023 Added 01/12/2023 Modified 01/28/2025 Description Deprecated Solution(s) References https://attackerkb.com/topics/cve-2023-21606 CVE - 2023-21606 https://helpx.adobe.com/security/products/reader/apsb23-01.html

VMware Photon OS: CVE-2022-4337 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-4337 CVE - 2022-4337

Amazon Linux 2023: CVE-2023-21538: Important priority package update for dotnet6.0 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description .NET Denial of Service Vulnerability A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. Solution(s) amazon-linux-2023-upgrade-aspnetcore-runtime-6-0 amazon-linux-2023-upgrade-aspnetcore-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet amazon-linux-2023-upgrade-dotnet6-0-debuginfo amazon-linux-2023-upgrade-dotnet6-0-debugsource amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0 amazon-linux-2023-upgrade-dotnet-apphost-pack-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-host amazon-linux-2023-upgrade-dotnet-host-debuginfo amazon-linux-2023-upgrade-dotnet-hostfxr-6-0 amazon-linux-2023-upgrade-dotnet-hostfxr-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-runtime-6-0 amazon-linux-2023-upgrade-dotnet-runtime-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0 amazon-linux-2023-upgrade-dotnet-sdk-6-0-debuginfo amazon-linux-2023-upgrade-dotnet-sdk-6-0-source-built-artifacts amazon-linux-2023-upgrade-dotnet-targeting-pack-6-0 amazon-linux-2023-upgrade-dotnet-templates-6-0 amazon-linux-2023-upgrade-netstandard-targeting-pack-2-1 References https://attackerkb.com/topics/cve-2023-21538 CVE - 2023-21538 https://alas.aws.amazon.com/AL2023/ALAS-2023-242.html

Microsoft Windows: CVE-2023-21765: Windows Print Spooler Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Print Spooler Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21765 CVE - 2023-21765 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 https://support.microsoft.com/help/5022352 View more

Microsoft Windows: CVE-2023-21750: Windows Kernel Elevation of Privilege Vulnerability Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows Kernel Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21750 CVE - 2023-21750 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 https://support.microsoft.com/help/5022352 View more

Microsoft Windows: CVE-2023-21552: Windows GDI Elevation of Privilege Vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Windows GDI Elevation of Privilege Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022297 microsoft-windows-windows_10-1607-kb5022289 microsoft-windows-windows_10-1809-kb5022286 microsoft-windows-windows_10-20h2-kb5022282 microsoft-windows-windows_10-21h2-kb5022282 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5022287 microsoft-windows-windows_11-22h2-kb5022303 microsoft-windows-windows_server_2012-kb5022343 microsoft-windows-windows_server_2012_r2-kb5022346 microsoft-windows-windows_server_2016-1607-kb5022289 microsoft-windows-windows_server_2019-1809-kb5022286 microsoft-windows-windows_server_2022-21h2-kb5022291 microsoft-windows-windows_server_2022-22h2-kb5022291 msft-kb5022339-1b1341db-9895-4e60-a96e-84273b8dea95 msft-kb5022339-35777b71-2802-4f2b-91e1-e13203ba0c08 msft-kb5022339-40ea1718-9f50-40ac-9ada-a112d865b2cd msft-kb5022339-5e9a8284-c4b5-4360-982d-bae284aed3e6 msft-kb5022339-80c64b1b-d72f-488c-863c-1e09185bf01c msft-kb5022343-0f04bd31-ec93-4206-9552-0fee543e922e msft-kb5022343-bdb9a798-4f73-4434-b83d-bc05cc7cf3e6 msft-kb5022346-6df1459f-4045-41af-ba9d-f5502c438b49 msft-kb5022346-76a19426-a9ba-4152-8778-61707d85c3c1 msft-kb5022353-343ea477-ecec-440c-af2b-d6f1f23fab7a msft-kb5022353-7e6e1829-ce49-4fb1-a038-bd21bcfd6d8a References https://attackerkb.com/topics/cve-2023-21552 CVE - 2023-21552 https://support.microsoft.com/help/5022282 https://support.microsoft.com/help/5022286 https://support.microsoft.com/help/5022287 https://support.microsoft.com/help/5022289 https://support.microsoft.com/help/5022291 https://support.microsoft.com/help/5022297 https://support.microsoft.com/help/5022303 https://support.microsoft.com/help/5022343 https://support.microsoft.com/help/5022346 https://support.microsoft.com/help/5022352 View more

Microsoft CVE-2023-21736: Microsoft Office Visio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/11/2023 Added 01/10/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21736: Microsoft Office Visio Remote Code Execution Vulnerability Solution(s) msft-kb5002332-9d578e32-656d-4b56-a634-bb0c66c5732a msft-kb5002332-dda8c9ad-f5db-496f-a1e3-ad67cc273bbf References https://attackerkb.com/topics/cve-2023-21736 CVE - 2023-21736 5002332 5002337

Oracle Linux: CVE-2023-21538: ELSA-2023-0077:.NET 6.0 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 01/17/2023 Added 01/13/2023 Modified 12/05/2024 Description .NET Denial of Service Vulnerability A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. Solution(s) oracle-linux-upgrade-aspnetcore-runtime-6-0 oracle-linux-upgrade-aspnetcore-targeting-pack-6-0 oracle-linux-upgrade-dotnet-apphost-pack-6-0 oracle-linux-upgrade-dotnet-hostfxr-6-0 oracle-linux-upgrade-dotnet-runtime-6-0 oracle-linux-upgrade-dotnet-sdk-6-0 oracle-linux-upgrade-dotnet-sdk-6-0-source-built-artifacts oracle-linux-upgrade-dotnet-targeting-pack-6-0 oracle-linux-upgrade-dotnet-templates-6-0 References https://attackerkb.com/topics/cve-2023-21538 CVE - 2023-21538 ELSA-2023-0077 ELSA-2023-0079

Debian: CVE-2023-0139: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0139 CVE - 2023-0139 DSA-5317-1

Debian: CVE-2023-0137: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0137 CVE - 2023-0137 DSA-5317-1

VMware Photon OS: CVE-2022-4379 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/10/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-4379 CVE - 2022-4379

Debian: CVE-2023-0133: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 01/17/2023 Added 01/16/2023 Modified 01/28/2025 Description Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-0133 CVE - 2023-0133 DSA-5317-1

Adobe Acrobat: CVE-2023-21581: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21581 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21581

Adobe Acrobat: CVE-2023-21614: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21614 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21614

Adobe Acrobat: CVE-2023-21579: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21579 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21579

Adobe Acrobat: CVE-2023-22240: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-22240 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-22240

Adobe Acrobat: CVE-2023-21605: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21605 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21605

Adobe Acrobat: CVE-2023-21610: Security updates available for Adobe Acrobat and Reader (APSB23-01) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 04/26/2024 Added 04/26/2024 Modified 10/18/2024 Description Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to application denial-of-service, arbitrary code execution, privilege escalation and memory leak. Solution(s) adobe-acrobat-upgrade-latest References https://attackerkb.com/topics/cve-2023-21610 https://helpx.adobe.com/security/products/acrobat/apsb23-01.html CVE - 2023-21610

VMware Photon OS: CVE-2022-4338 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-4338 CVE - 2022-4338

Gentoo Linux: CVE-2023-0140: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0140 CVE - 2023-0140 202305-10 202311-11

Gentoo Linux: CVE-2023-0131: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0131 CVE - 2023-0131 202305-10 202311-11

Gentoo Linux: CVE-2023-0136: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0136 CVE - 2023-0136 202305-10 202311-11

Gentoo Linux: CVE-2023-0129: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0129 CVE - 2023-0129 202305-10 202311-11

Gentoo Linux: CVE-2023-0141: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0141 CVE - 2023-0141 202305-10 202311-11

Gentoo Linux: CVE-2023-0134: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/10/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-0134 CVE - 2023-0134 202305-10 202311-11