CVE-2023-2929: Out of bounds write in Swiftshader
First published: Wed Jan 25 2023(Updated: )
<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>
Credit: chrome-cve-admin@google.com Jaehun Jeong @n3sk Theori
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | <=90.0.4430.212-1~deb10u1 | 116.0.5845.180-1~deb11u1 120.0.6099.109-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.109-1~deb12u1 120.0.6099.109-1 |
| Microsoft Edge | ||
| Microsoft Edge Beta | <114.0.1823.37 | |
| Google Chrome (Trace Event) | <114.0.5735.90 | 114.0.5735.90 |
| Google Chrome (Trace Event) | <114.0.5735.90 | |
| Google Chrome | <114.0.5735.90 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2929 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2023-2929
- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html (Advisory)
- https://crbug.com/1410191
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/
- https://security.gentoo.org/glsa/202311-11
- https://www.debian.org/security/2023/dsa-5418
- https://security.gentoo.org/glsa/202401-34
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2023-2929?
CVE-2023-2929 is classified as a high-severity vulnerability due to its potential for exploitation through an out-of-bounds write condition.
How do I fix CVE-2023-2929?
To fix CVE-2023-2929, update to the latest versions of affected browsers, specifically Google Chrome version 114.0.5735.90 or later and Microsoft Edge based on Chromium version 114.0.1823.37 or later.
Which software is affected by CVE-2023-2929?
CVE-2023-2929 affects multiple versions of Google Chrome and Microsoft Edge (Chromium-based) browsers.
Is CVE-2023-2929 exploitable in the wild?
There is currently no public information indicating that CVE-2023-2929 is being actively exploited in the wild.
What types of systems are vulnerable to CVE-2023-2929?
CVE-2023-2929 impacts systems running vulnerable versions of Chromium-based browsers, which include both desktop and potentially mobile platforms depending on their respective updates.
- collector/security-tracker-debian
- agent/type
- agent/first-publish-date
- agent/title
- agent/weakness
- agent/severity
- agent/description
- agent/references
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/msrc-cve
- agent/software-canonical-lookup-request
- collector/msrc
- vendor/microsoft
- vendor/edge (chromium-based)
- collector/chrome-releases
- agent/software-canonical-lookup
- collector/nvd-index
- collector/nvd-latest
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- package-manager/debian
- canonical/microsoft edge
- canonical/microsoft edge beta
- vendor/google
- canonical/google chrome (trace event)
- canonical/google chrome