Security Update Chromium Component (MINDBREEZE28567)

ID: MINDBREEZE28567 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 8.8 High 
Status: Final 
First published: October 30, 2023 
CVEs: CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4431, CVE-2023-4351, CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355, CVE-2023-4357, CVE-2023-4358, CVE-2023-4362, CVE-2023-4572, CVE-2023-4762, CVE-2023-4763, CVE-2023-4863, CVE-2023-4902, CVE-2023-4904, CVE-2023-4905, CVE-2023-4907, CVE-2023-4909 

Summary

Security Update Chromium Component

  • CVE-2023-4429 chromium - Component: Use after free in Loader.
  • CVE-2023-4428 chromium - Component: Out of bounds memory access in CSS.
  • CVE-2023-4427 chromium - Component: Out of bounds memory access in V8.
  • CVE-2023-4431 chromium - Component: Out of bounds memory access in Fonts.
  • CVE-2023-4351 chromium - Component: Use after free in Network.
  • CVE-2023-4352 chromium - Component: Type Confusion in V8.
  • CVE-2023-4353 chromium - Component: Heap buffer overflow in ANGLE.
  • CVE-2023-4354 chromium - Component: Heap buffer overflow in Skia.
  • CVE-2023-4355 chromium - Component: Out of bounds memory access in V8.
  • CVE-2023-4357 chromium - Component: Insufficient validation of untrusted input in XML.
  • CVE-2023-4358 chromium - Component: Use after free in DNS.
  • CVE-2023-4362 chromium - Component: Heap buffer overflow in Mojom IDL.
  • CVE-2023-4572 chromium - Component: Use after free in MediaStream Heap Corruption.
  • CVE-2023-4762 chromium - Component: Type Confusion in V8.
  • CVE-2023-4763 chromium - Component: Use after free in Networks.
  • CVE-2023-4863 chromium - Component: Heap buffer overflow in WebP.
  • CVE-2023-4902 chromium - Component: Inappropriate implementation in Input.
  • CVE-2023-4904 chromium - Component: Insufficient policy enforcement in Downloads.
  • CVE-2023-4905 chromium - Component: Inappropriate implementation in Prompts.
  • CVE-2023-4907 chromium - Component: Inappropriate implementation in Intents.
  • CVE-2023-4909 chromium - Component: Inappropriate implementation in Interstitials.

 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

  • Mindbreeze InSpire 23.6 Release 

  • Mindbreeze InSpire SaaS 23.6 Release