publish date :
2023-08-18
DESCRIPTION:
Multiple vulnerabilities (CVE-2023-4068 to CVE-2023-4078 and other 6 unpublished) exist in Google Chrome, Microsoft Edge, Brave, and Opera which are based on Chromium. Vulnerabilities have been described as type confusion bug in the V8 JavaScript engine, Out of Bounds Memory Access, Out of Bounds Memory Read and Write, Use After Free, Heap Buffer Overflow, Insufficient data validation, and Inappropriate implementation, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page.
AFFECTED RELEASES:
Google Chrome prior to 115.0.5790.170/.171
Microsoft Edge prior to 115.0.1901.200
Brave prior to 1.56.20
Opera prior to 101.0.4843.43
SOLUTION:
Upgrade to at least Google Chrome 115.0.5790.170/.171 by following steps:
1. Open the Google Chrome browser.
2. Enter “chrome://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Chrome.
3. After Chrome is updated, click the “RELAUNCH” option to restart Chrome and complete the update.
Upgrade to at least Microsoft Edge 115.0.1901.200 by following steps:
1. Open the Microsoft Edge browser.
2. Enter “edge://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Edge.
3. After Edge is updated, click the “RELAUNCH” option to restart Edge and complete the update.
Upgrade to at least Brave 1.56.20 by following steps:
1. Open the Brave browser.
2. Enter “brave://settings/help” in the address bar. The window that appears will automatically check for updates and show you the current version of Brave.
3. After Brave is updated, click the “RELAUNCH” option to restart Brave and complete the update.
Upgrade to at least Opera 101.0.4843.43 by following steps:
1. Open the Opera browser.
2. Click Opera menu button > Update & Recovery > Check for Update.
3. Restart browser.
REFERENCE:
1. https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
2. https://github.com/brave/brave-browser/releases/tag/v1.56.20
3. https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#august-7-2023
4. https://blogs.opera.com/security/2023/08/update-your-browser-security-fixes-for-latest-chrome-bugs/
5. https://www.zerodayinitiative.com/blog/2023/8/8/the-august-2023-security-update-review
6. https://www.sans.org/newsletters/at-risk/xxiii-31/
7. https://nvd.nist.gov/vuln/detail/CVE-2023-4068
8. https://nvd.nist.gov/vuln/detail/CVE-2023-4069
9. https://nvd.nist.gov/vuln/detail/CVE-2023-4070
10. https://nvd.nist.gov/vuln/detail/CVE-2023-4071
11. https://nvd.nist.gov/vuln/detail/CVE-2023-4072
12. https://nvd.nist.gov/vuln/detail/CVE-2023-4073
13. https://nvd.nist.gov/vuln/detail/CVE-2023-4074
14. https://nvd.nist.gov/vuln/detail/CVE-2023-4075
15. https://nvd.nist.gov/vuln/detail/CVE-2023-4076
16. https://nvd.nist.gov/vuln/detail/CVE-2023-4077
17. https://nvd.nist.gov/vuln/detail/CVE-2023-4078