Chromium

Software updated 4 days ago (2024-09-04T00:15:43.033Z)
Chromium is an open-source software project from Google that forms the foundation for several web browsers, including Google Chrome and Microsoft Edge. This software provides the essential framework upon which these browsers are built, offering features such as rendering and JavaScript processing via its V8 engine.

However, Chromium has faced security vulnerabilities over time. For instance, CVE-2023-2033 and CVE-2023-3079 were type confusion vulnerabilities in the Google Chromium V8 engine that could potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. Similarly, CVE-2024-7971 was another type confusion issue in the V8 engine, impacting JavaScript execution in Chrome and other Chromium-based browsers.

On June 16, 2020, Windows 10 Insider Preview Build 19042.330 for 20H2 was released, marking the first Windows Insider Preview build for the next Windows 10 upgrade, code-named 20H2. This update included fixes from the KB4557957 (OS Build 19041.329) build for the Windows 10 May 2020 Update, as well as the new Microsoft Edge based on Chromium. However, this integration wasn't without its challenges. A high-severity bug, CVE-2024-38106, was exploited by Citrine Sleet in Chromium, leading to a chain of exploits. Moreover, users who connected to a certain domain automatically triggered a zero-day memory corruption exploit in Chromium.

Despite these vulnerabilities, Chromium remains a fundamental part of many modern web browsers. It's important to note that not all browsers use the Chromium engine; Firefox, for example, uses a different browser engine. The growing dependence on Chromium has led to efforts to enhance its security. One such effort was Google's release of an update to Chrome on August 21, which included 38 security fixes. Many companies have also realized the potential of Chromium, using it as a base to build their own browsers with additional features such as URL filtering, malware analysis, and data loss prevention.
Description last updated: 2024-09-04T00:15:43.012Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Chrome
Vulnerability
Google
Microsoft
Firefox
Exploit
Safari
Windows
Linux
Android
RCE (Remote ...
Webkit
Remote Code ...
Github
JavaScript
Outlook
Telegram
Apple
Exploits
Zero Day
CISA
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Charcoal Typhoon | Unspecified | 2 | Charcoal Typhoon, a China-affiliated threat actor, has been identified as one of the state-backed groups using OpenAI's ChatGPT for malicious purposes. The group is known for focusing on tracking groups in Taiwan, Thailand, Mongolia, Malaysia, France, Nepal, and individuals globally that oppose Chin |
| Citrine Sleet | Unspecified | 2 | Citrine Sleet is a dangerous malware attributed to a North Korean threat actor, as reported by Microsoft in late August 2024. This malicious software is designed to exploit and damage computer systems, infiltrating them through suspicious downloads, emails, or websites, often unbeknownst to the user |
| Volt Typhoon | Unspecified | 2 | Volt Typhoon, a China-sponsored threat actor group identified as one of the most dangerous and persistent nation-state actors by security researchers and the U.S. government, has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. The group is known fo |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2023-3079 | Unspecified | 4 | None |
| CVE-2023-2033 | Unspecified | 3 | CVE-2023-2033 is a high-severity type confusion vulnerability discovered in Google Chrome, specifically within the V8 JavaScript engine. The flaw represents a serious issue in software design or implementation that exposes the system to potential cyber threats. This vulnerability was one of two type |
| CVE-2023-4863 | Unspecified | 3 | CVE-2023-4863 is a critical vulnerability that has been identified in various major software applications, including Microsoft Windows and Server, Microsoft Edge, Microsoft Office, Word and 365 Apps, Google Chrome, Mozilla Firefox and Thunderbird, and the libwebp library used for handling WebP bitma |
| CVE-2023-5346 | Unspecified | 3 | None |
| CVE-2023-1236 | Unspecified | 2 | None |
| CVE-2023-1228 | Unspecified | 2 | None |
| CVE-2023-1224 | Unspecified | 2 | None |
| CVE-2023-1223 | Unspecified | 2 | None |
| CVE-2023-1221 | Unspecified | 2 | None |
| CVE-2023-4068 | Unspecified | 2 | None |
| CVE-2023-4070 | Unspecified | 2 | None |
| CVE-2023-4072 | Unspecified | 2 | None |
| CVE-2023-4073 | Unspecified | 2 | None |
| CVE-2023-4076 | Unspecified | 2 | None |
| CVE-2023-4069 | Unspecified | 2 | None |
| CVE-2023-4071 | Unspecified | 2 | None |
| CVE-2023-4074 | Unspecified | 2 | None |
| CVE-2023-4075 | Unspecified | 2 | None |
| CVE-2023-4077 | Unspecified | 2 | None |
| CVE-2023-4078 | Unspecified | 2 | None |
| CVE-2023-4761 | Unspecified | 2 | None |
| CVE-2023-4763 | Unspecified | 2 | None |
| CVE-2023-4764 | Unspecified | 2 | None |
| CVE-2023-4762 | Unspecified | 2 | CVE-2023-4762 is a software vulnerability, specifically a remote code execution flaw in the Chrome web browser. This vulnerability was identified by researchers from Google's Threat Analysis Group (TAG) in September 2023, around the same time Apple disclosed its own zero-day bugs. The vulnerability |
| CVE-2023-1220 | Unspecified | 2 | None |
| CVE-2023-1232 | Unspecified | 2 | None |
| CVE-2023-1231 | Unspecified | 2 | None |
| CVE-2023-1222 | Unspecified | 2 | None |
| CVE-2023-1235 | Unspecified | 2 | None |
| CVE-2023-1234 | Unspecified | 2 | None |
| CVE-2023-1233 | Unspecified | 2 | None |
| CVE-2023-1230 | Unspecified | 2 | None |
| CVE-2023-1229 | Unspecified | 2 | None |
| CVE-2023-1218 | Unspecified | 2 | None |
| CVE-2023-1217 | Unspecified | 2 | None |
| CVE-2023-1215 | Unspecified | 2 | None |
| CVE-2023-1214 | Unspecified | 2 | None |
| CVE-2023-1219 | Unspecified | 2 | None |
| CVE-2023-1216 | Unspecified | 2 | None |
| CVE-2023-1213 | Unspecified | 2 | None |
Source Document References
Information about the Chromium Software was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| DARKReading | 4 days ago | North Korean APT Exploits Novel Chromium, Windows Bugs to Steal Crypto |
| CERT-EU | 10 months ago | This Week In Security: SSH, FTP, And Reptar |
| CERT-EU | 10 months ago | Google Workspace weaknesses allow plaintext password theft |
| CERT-EU | 10 months ago | AZT: The Market For Enterprise (Secure) Browsers |
| CERT-EU | 10 months ago | Google Workspace weaknesses allow plaintext password theft |
| CERT-EU | 10 months ago | Google Chrome devs prepare for third-party cookie phaseout |
| SANS ISC | 10 months ago | Microsoft Patch Tuesday November 2023 - SANS Internet Storm Center |
| BankInfoSecurity | 10 months ago | Info Stealers Thrive in Hot Market for Stolen Data |
| CERT-EU | 10 months ago | Google abandons Web Environment Integrity API proposal |
| BankInfoSecurity | 10 months ago | Researcher Claims to Crack RSA-2048 With Quantum Computer |
| CERT-EU | 10 months ago | Every trick Microsoft pulled to make you browse Edge instead of Chrome |
| CERT-EU | 10 months ago | #iLeakage: All Apple CPUs Vulnerable — No Patch in Sight |
| CrowdStrike | 10 months ago | October 2023 Patch Tuesday: Updates and Analysis |
| CERT-EU | 10 months ago | Enterprise Browser Startup Island Banks $100M in Funding |
| CERT-EU | a year ago | Attacker combines phone, email lures into believable, complex attack chain |
| CERT-EU | a year ago | Microsoft addresses three zero-days for October’s Patch Tuesday |
| CERT-EU | a year ago | CERT-In Warns of 51 Major Security Flaws Affecting These Android Versions |
| CERT-EU | a year ago | Microsoft's October Patch Tuesday update resolves three zero-days |
| DARKReading | a year ago | Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug |
| SANS ISC | a year ago | October 2023 Microsoft Patch Tuesday Summary - SANS Internet Storm Center |