GHSA-j646-gj5p-p45g

Source
https://github.com/advisories/GHSA-j646-gj5p-p45g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-j646-gj5p-p45g/GHSA-j646-gj5p-p45g.json
Published
2023-09-21T17:11:42Z
Modified
2023-10-28T05:33:53.561040Z
Details

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

Description

Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

References

  • https://www.cve.org/CVERecord?id=CVE-2023-4863
  • https://nvd.nist.gov/vuln/detail/CVE-2023-4863
  • https://www.techtarget.com/searchsecurity/news/366551978/Browser-companies-patch-critical-zero-day-vulnerability

Updated

There is another related security vulnerability.

There's another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).

As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150

References

Affected packages

NuGet / CefSharp.Common

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
116.0.230

Affected versions

31.*

31.0.0-pre1

33.*

33.0.0
33.0.2
33.1.0-pre01

37.*

37.0.0-pre01
37.0.0-pre02
37.0.0
37.0.1
37.0.2
37.0.3

39.*

39.0.0-pre01
39.0.0-pre02
39.0.0-pre03
39.0.0
39.0.1
39.0.2

41.*

41.0.0-pre01
41.0.0
41.0.1

43.*

43.0.0-pre01
43.0.0-pre02
43.0.0
43.0.1

45.*

45.0.0-pre01
45.0.0

47.*

47.0.0-pre01
47.0.0
47.0.1
47.0.2
47.0.3
47.0.4

49.*

49.0.0-pre01
49.0.0-pre02
49.0.0
49.0.1

51.*

51.0.0-pre01
51.0.0-pre02
51.0.0

53.*

53.0.0-pre01
53.0.0
53.0.1

55.*

55.0.0-pre01
55.0.0

57.*

57.0.0-pre01
57.0.0

62.*

62.0.0-pre01
62.0.0-proprietary-codecs
62.0.0-proprietary-codecs2

63.*

63.0.0-pre01
63.0.0-pre02
63.0.0-pre03
63.0.0
63.0.1
63.0.2
63.0.3

65.*

65.0.0-pre01
65.0.0-pre02
65.0.0
65.0.1

67.*

67.0.0-pre01
67.0.0

69.*

69.0.0-pre01
69.0.0

71.*

71.0.0-pre01
71.0.0
71.0.1
71.0.2

73.*

73.1.120-pre01
73.1.130

75.*

75.1.140-pre01
75.1.141
75.1.142
75.1.143

79.*

79.1.310-pre
79.1.350
79.1.360

81.*

81.3.20-pre
81.3.100

83.*

83.3.120-pre
83.4.20

84.*

84.3.10-pre
84.4.10

85.*

85.3.120-pre
85.3.121-pre
85.3.121
85.3.130

86.*

86.0.240-pre
86.0.241

87.*

87.1.130-pre
87.1.131-pre
87.1.132

88.*

88.2.40-pre
88.2.90

89.*

89.0.140-pre
89.0.170

90.*

90.5.70-pre
90.6.50
90.6.70

91.*

91.1.60-pre
91.1.160
91.1.210
91.1.211
91.1.230

92.*

92.0.250-pre
92.0.251
92.0.260

93.*

93.1.110-pre
93.1.111
93.1.140

94.*

94.3.0-pre
94.4.20
94.4.50
94.4.110

95.*

95.7.140-pre
95.7.141

96.*

96.0.140-pre
96.0.141
96.0.142
96.0.170
96.0.180

97.*

97.1.10-pre
97.1.11
97.1.12
97.1.60
97.1.61

98.*

98.1.190
98.1.210

99.*

99.2.90
99.2.120
99.2.140

100.*

100.0.120-pre
100.0.140
100.0.230

101.*

101.0.150
101.0.180

102.*

102.0.90
102.0.100

103.*

103.0.80
103.0.90
103.0.120

104.*

104.4.180
104.4.240

105.*

105.3.330
105.3.390

106.*

106.0.260
106.0.290

107.*

107.1.40
107.1.50
107.1.90
107.1.120

108.*

108.4.130

109.*

109.1.110

110.*

110.0.250
110.0.280
110.0.300

111.*

111.2.20
111.2.70

112.*

112.2.70
112.3.0

113.*

113.1.40
113.3.50

114.*

114.2.100
114.2.120

115.*

115.3.110
115.3.130

116.*

116.0.130
116.0.150
116.0.190

NuGet / CefSharp.Common.NETCore

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
116.0.230

Affected versions

87.*

87.1.130-pre
87.1.131-pre
87.1.132

88.*

88.2.40-pre
88.2.90

89.*

89.0.140-pre
89.0.170

90.*

90.5.70-pre
90.6.50
90.6.70

91.*

91.1.60-pre
91.1.160
91.1.210
91.1.211
91.1.230

92.*

92.0.250-pre
92.0.251
92.0.260

93.*

93.1.110-pre
93.1.111
93.1.140

94.*

94.3.0-pre
94.4.20
94.4.50
94.4.110

95.*

95.7.140-pre
95.7.141

96.*

96.0.140-pre
96.0.141
96.0.142
96.0.170
96.0.180

97.*

97.1.10-pre
97.1.11
97.1.12
97.1.60
97.1.61

98.*

98.1.190
98.1.210

99.*

99.2.90
99.2.120
99.2.140

100.*

100.0.120-pre
100.0.140
100.0.230

101.*

101.0.150
101.0.180

102.*

102.0.90
102.0.100

103.*

103.0.80
103.0.90
103.0.120

104.*

104.4.180
104.4.240

105.*

105.3.330
105.3.390

106.*

106.0.260
106.0.290

107.*

107.1.40
107.1.50
107.1.90
107.1.120

108.*

108.4.130

109.*

109.1.110

110.*

110.0.250
110.0.280
110.0.300

111.*

111.2.20
111.2.70

112.*

112.2.70
112.3.0

113.*

113.1.40
113.3.50

114.*

114.2.100
114.2.120

115.*

115.3.110
115.3.130

116.*

116.0.130
116.0.150
116.0.190