Sécurité et conformité

DEVO-2023-0016

Résumé

The vulnerability with the embedded chrome browser in Remote Desktop Manager Windows is fixed in the latest version (2023.2.33 and higher).

The embedded chromium browser component used by Remote Desktop Manager Windows is currently affected by a critical security vulnerability. The vulnerability (CVE-2023-4863) is in the libwebp library used by the chromium engine. This component is managed by a third-party and can't be patched on our end.

We advise not to use the embedded chrome browser in the web site entries and switch to another browser such as Microsoft Edge in the meantime. You can switch browser by editing the entry and changing the Web browser property to Microsoft Edge. By default, RDM Windows uses Microsoft Edge if the default configuration hasn't been modified.

The fix is now available to all platforms.

Other platforms

A component named SkiaSharp used for rendering images in our products is also affected by the same vulnerability. This component will be updated for other platforms.

Journal des modifications

2023-10-02 - Initial publication

2023-10-03 - Added RDM macOS to fixed versions

2023-10-04 - Added RDM Linux to fixed versions

2023-10-23 - Added RDM Windows to fixed versions

2023-10-25 - Updated informations

2023-11-01 - Added RDM Android to fixed versions

Sévérité

High

Produit

Remote Desktop Manager

Version corrigée

Fixed versions available

CVE-2023-4863

Description

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Please refer the the Mitre page for more details :https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863

Mesures correctives et solutions de contournement
  • Remote Desktop Manager Windows 2023.2.33 and higher
    • Embedded chrome web browser vulnerability.
  • Remote Desktop Manager Windows 2023.2.32 and higher
    • SkiaSharp
  • Remote Desktop Manager iOS 2023.2.8.0 and higher
    • SkiaSharp
  • Remote Desktop Manager macOS 2023.2.10.4 and higher
    • SkiaSharp
  • Remote Desktop Manager Linux 2023.2.2.5 and higher
    • SkiaSharp
  • Remote Desktop Manager Android 2023.0.24 and higher
    • SkiaSharp
Sévérité

8.1 High - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE(s)

CVE-2023-4863

Devolutions aide les organisations à contrôler le chaos relié aux TI en offrant des solutions sécurisées de gestion d’accès privilégiés, de connexions à distance et de mots de passe.

DEVOLUTIONS

Légal & vie privée | infos@devolutions.net

Tous droits réservés © 2025 Devolutions