cve-2023-4863

Bug #2035220 reported by themusicgod1
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
chromium (Debian) | Fix Released | Unknown | |
chromium-browser (Ubuntu) | Fix Released | Critical | Nathan Teodosio |
firefox (Ubuntu) | Fix Released | Undecided | Unassigned |
firefox-esr (Ubuntu) | Fix Released | Undecided | Unassigned |
libwebp (Debian) | Fix Released | Unknown | |
libwebp (Ubuntu) | Fix Released | Undecided | Unassigned |
thunderbird (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html

high profile remote vulnerability

themusicgod1@eva1:~$ apt-cache policy chromium-browser
chromium-browser:
  Installed: 1:85.0.4183.83-0ubuntu2.22.04.1
  Candidate: 1:85.0.4183.83-0ubuntu2.22.04.1
  Version table:

current available snap:
chromium 116.0.5845.179

fix is in:
chromium 116.0.5845.187

ubuntu: 22.04.3 LTS jammy

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: chromium-browser 1:85.0.4183.83-0ubuntu2.22.04.1
ProcVersionSignature: Ubuntu 6.2.0-26.26~22.04.1-generic 6.2.13
Uname: Linux 6.2.0-26-generic x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Tue Sep 12 08:38:06 2023
DiskUsage:
 Filesystem Type Size Used Avail Use% Mounted on
 /dev/sda2 ext4 228G 162G 55G 75% /
 tmpfs tmpfs 3.9G 66M 3.8G 2% /dev/shm
 /dev/sda2 ext4 228G 162G 55G 75% /
InstallationDate: Installed on 2017-04-18 (2337 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
MachineType: MSI MS-7994
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.2.0-26-generic root=UUID=333c5e4f-3f61-4abf-b950-f19431c843d6 ro text
Snap.Changes: no changes found
Snap.ChromeDriverVersion: ChromeDriver 116.0.5845.179 (17ff023f3eb4f6883321db9399bfc65560ef84a9-refs/branch-heads/5845@{#1745})
Snap.ChromiumVersion: Chromium 116.0.5845.179 snap
SourcePackage: chromium-browser
UpgradeStatus: Upgraded to jammy on 2023-06-14 (89 days ago)

themusicgod1 (themusicgod1) wrote :

also appears valid for 23.04 lunar:

==> Installing the chromium snap
chromium 116.0.5845.179 from Canonical✓ installed

tags: added: lunar
Changed in chromium (Debian):
status: Unknown → New
tags: added: mantic
Changed in libwebp (Debian):
status: Unknown → New
themusicgod1 (themusicgod1) wrote :

https://people.canonical.com/~ubuntu-security/cve/CVE-2023-4863 correctly claims that since 19.04 or whatever chrome is deployed via snap

but misses the point that the snap that is deployed is not up to date
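
The comparison made in the report above (installed snap 116.0.5845.179 against the fixed 116.0.5845.187), as an added shell example that is not part of the original bug report. The function names and the sample `snap list` output are constructed for illustration; the check looks at the snap because the `chromium-browser` deb version shown by `apt-cache policy` (1:85.0...) is not the version of the browser that actually runs.

```shell
#!/bin/sh
# Added example: version check for the chromium snap against the fix named in
# this bug (116.0.5845.187). Function names here are illustrative.
FIXED="116.0.5845.187"

# ver_lt A B: exit 0 when dotted numeric version A is older than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# snap_version NAME: read `snap list` output on stdin, print NAME's version
# with any non-numeric suffix stripped.
snap_version() {
    awk -v pkg="$1" 'NR > 1 && $1 == pkg { print $2; exit }' | sed 's/[^0-9.].*$//'
}

# chromium_status: read `snap list` output on stdin, print one verdict line.
chromium_status() {
    v=$(snap_version chromium)
    if [ -z "$v" ]; then
        echo "not-installed"
    elif ver_lt "$v" "$FIXED"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Constructed sample of `snap list chromium` output using the version from the
# report (the Rev value is a placeholder). On a live system run:
#   snap list chromium | chromium_status
SAMPLE='Name      Version         Rev   Tracking       Publisher    Notes
chromium  116.0.5845.179  0000  latest/stable  canonical**  -'

printf '%s\n' "$SAMPLE" | chromium_status
```
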

Mark Esler (eslerm)
information type: Private Security → Public Security
Changed in chromium-browser (Ubuntu):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Nathan Teodosio (nteodosio)
Nathan Teodosio (nteodosio) wrote :

For your information, Chromium is now in 116.0.5845.187 in x86, and should be in ARM too tomorrow.

Changed in libwebp (Debian):
status: New → Confirmed
Nishit Majithia (0xnishit) wrote :

Firefox has been released for focal (USN-6367-1) and other releases (as snap).
Thunderbird has been patched and released as well (USN-6368-1)
thanks

Changed in firefox (Ubuntu):
status: New → Fix Released
Changed in thunderbird (Ubuntu):
status: New → Fix Released
Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in firefox-esr (Ubuntu):
status: New → Confirmed
Changed in libwebp (Ubuntu):
status: New → Confirmed
Changed in libwebp (Debian):
status: Confirmed → Fix Released
Nishit Majithia (0xnishit) wrote :

libwebp also released (USN-6369-1)

Changed in firefox-esr (Ubuntu):
status: Confirmed → Fix Released
Changed in libwebp (Ubuntu):
status: Confirmed → Fix Released
Changed in chromium (Debian):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
