Ensuring that your web browser is updated to mitigate the latest security vulnerabilities is essential to protecting your online security and privacy and the confidentiality of your sensitive data. That’s why, as LinuxSecurity.com Content Editor, I’m here to alert you of mitigations for a remotely exploitable Type Confusion vulnerability, among other significant issues, recently discovered in Chromium that could result in various severe repercussions on impacted systems, including data breaches, privacy violations, system downtime, and reputational harm.
Don’t panic about the confidentiality of your data and your systems' integrity and availability, but take immediate action! Read on to learn how to ensure your systems are updated and secure.
We also have other significant discoveries and fixes for you, including mitigations for a severe buffer overflow vulnerability known as “Looney Tunables” discovered in the GNU C Library, which a local user can exploit to gain full root privileges on affected systems, potentially resulting in data breaches and system compromise. Three critical security vulnerabilities have also been fixed in the widely-used Exim open-source email transfer agent, which could result in malware execution, system compromise, and information disclosure on impacted systems. The vulnerabilities are among the most severe and impactful we’ve seen in a while, making it crucial that you stay up-to-date on these issues to safeguard your system from any potential harm.
Did you find today’s newsletter informative and useful? If so, please do us and the community a favor and share it with a fellow security geek to help them secure their systems against these dangerous vulnerabilities. We also welcome feedback on how we could improve our newsletters or our site. If you have any thoughts or suggestions, please share them with us. Have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from insightful, passionate community members who share our enthusiasm for Linux security!
Stay safe out there,
ChromiumThe DiscoveryA severe, remotely exploitable Type Confusion vulnerability has been found in Chromium (CVE-2023-5346). Due to its significant threat to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 8.8 out of 10 (“High” severity). Several other important security vulnerabilities have also recently been found in Chromium, including inappropriate implementation in Custom Tabs, Prompts, Input, Custom Mobile Tabs, Autofill, Intents, Picture in Picture, and Interstitials, and insufficient policy enforcement in Downloads. |
GNU C LibraryThe DiscoveryA severe buffer overflow vulnerability known as “Looney Tunables” was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). This vulnerability was introduced in April 2021 and poses a significant threat to systems with default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. |
EximThe DiscoveryThree critical security vulnerabilities have been discovered in the widely-used Exim open-source email transfer agent, including a NTLM challenge out-of-bounds read information disclosure bug (CVE-2023-42114), a AUTH out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115), and a SMTP challenge stack-based buffer overflow RCE flaw (CVE-2023-42116). |
