Branch sisyphus update bulletin.

Package chromium-gost updated to version 117.0.5938.62-alt1 for branch sisyphus in task 330039.

Published: 2023-03-21

BDU:2023-01469

Уязвимость компонента Passwords браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-1528

Published: 2023-03-21

BDU:2023-01616

Уязвимость интерфейса WebHID (Human Interface Device) браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-1529

Published: 2023-03-21

BDU:2023-01617

Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-03-21

BDU:2023-01618

Уязвимость компонента WebProtect браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-1533

Published: 2023-03-21

BDU:2023-01619

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-1531

Published: 2023-03-21

BDU:2023-01620

Уязвимость компонента GPU Video браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-1532

Published: 2023-03-21

BDU:2023-01621

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-1534

Published: 2023-04-04

BDU:2023-01862

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю выполнить спуфинговую атаку

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1816

Published: 2023-04-04

BDU:2023-01863

Уязвимость службы Safe Browsing браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1814

Published: 2023-04-04

BDU:2023-01864

Уязвимость компонента Networking API браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1815

Published: 2023-04-04

BDU:2023-01865

Уязвимость компонента Visuals браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1810

Published: 2023-04-04

BDU:2023-01866

Уязвимость расширений браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1813

Published: 2023-04-04

BDU:2023-01867

Уязвимость компонента Frames браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1811

Published: 2023-04-04

BDU:2023-01868

Уязвимость истории браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2023-1820

Published: 2023-04-04

BDU:2023-01869

Уязвимость функции Intents браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1817

Published: 2023-04-04

BDU:2023-01870

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1823

Published: 2023-04-04

BDU:2023-01871

Уязвимость компонента WebShare браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1821

Published: 2023-04-04

BDU:2023-01872

Уязвимость компонента DOM Bindings браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1812

Published: 2023-04-04

BDU:2023-01873

Уязвимость режима рендеринга Vulkan браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1818

Published: 2023-04-04

BDU:2023-01874

Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю выполнить спуфинговую атаку

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-1822

Published: 2023-04-04

BDU:2023-01875

Уязвимость компонента Accessibility браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

CVE-2023-1819

Published: 2023-04-14

BDU:2023-02114

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-2033

Published: 2023-04-18

BDU:2023-02170

Уязвимость библиотеки Skia браузера Google Chrome, позволяющая нарушителю выйти из изолированной программной среды и выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-2136

Published: 2023-04-18

BDU:2023-02308

Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2135

Published: 2023-04-18

BDU:2023-02312

Уязвимость скрипта Service Worker API веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2134

Published: 2023-04-18

BDU:2023-02313

Уязвимость компонента SQLite веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2137

Published: 2023-04-18

BDU:2023-02314

Уязвимость скрипта Service Worker API веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2133

Published: 2023-01-10

BDU:2023-02350

Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю скрыть содержимое адресной строки Omnibox

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2023-2463

Published: 2022-12-10

BDU:2023-02367

Уязвимость реализации механизма CORS (Cross-Origin Resource Sharing) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

CVE-2023-2465

Published: 2023-02-27

BDU:2023-02380

Уязвимость расширений браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

References:

CVE-2023-2460

Published: 2023-05-02

BDU:2023-02383

Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-2468

Published: 2023-05-02

BDU:2023-02384

Уязвимость компонента Prompts браузера Google Chrome операционных систем Android, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

CVE-2023-2467

Published: 2023-05-02

BDU:2023-02385

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-2466

Published: 2023-05-02

BDU:2023-02386

Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-2464

Published: 2023-05-02

BDU:2023-02387

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-2462

Published: 2023-05-02

BDU:2023-02388

Уязвимость расширения Google Input Tools Chrome OS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2461

Published: 2023-05-02

BDU:2023-02389

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2023-2459

Published: 2023-05-16

BDU:2023-02623

Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-2721

Published: 2023-05-09

BDU:2023-02661

Уязвимость компонента ChromeOS Audio Server браузера Google Chrome операционных систем ChromeOS и ChromeOS Flex, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-2457

Published: 2023-05-09

BDU:2023-02840

Уязвимость компонента ChromeOS Camera браузера Google Chrome операционных систем ChromeOS и ChromeOS Flex, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

CVE-2023-2458

Published: 2023-05-04

BDU:2023-02930

Уязвимость режима Guest View браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2725

Published: 2023-05-30

BDU:2023-02955

Уязвимость библиотеки SwiftShader веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-2929

Published: 2023-06-05

BDU:2023-03080

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-3079

Published: 2023-06-13

BDU:2023-03159

Уязвимость функции автозаполнения Autofill Payments браузера Google Chrome, повыполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3214

Published: 2023-06-26

BDU:2023-03442

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-3420

Published: 2022-12-27

BDU:2023-03544

Уязвимость компонента WebApp Installs браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2726

Published: 2023-06-26

BDU:2023-03553

Уязвимость компонента Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3421

Published: 2023-06-13

BDU:2023-03579

Уязвимость компонента WebXR WebRTC браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3217

Published: 2023-06-26

BDU:2023-03628

Уязвимость компонента Guest View браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3422

Published: 2023-06-02

BDU:2023-03732

Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю установить произвольное расширение

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-2941

Published: 2023-06-02

BDU:2023-03733

Уязвимость установщика браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2939

Published: 2023-07-18

BDU:2023-03792

Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-3727

Published: 2023-07-18

BDU:2023-03793

Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2023-3728

Published: 2023-05-16

BDU:2023-03804

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2724

Published: 2023-05-16

BDU:2023-03805

Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2723

Published: 2023-05-30

BDU:2023-03902

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2935

Published: 2023-05-30

BDU:2023-03903

Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2934

Published: 2023-05-30

BDU:2023-03905

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2936

Published: 2023-05-30

BDU:2023-03908

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-2937

Published: 2023-05-30

BDU:2023-03909

Уязвимость обработчика PDF-содержимого браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2933

Published: 2023-06-13

BDU:2023-03912

Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3215

Published: 2023-06-13

BDU:2023-03913

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3216

Published: 2023-05-30

BDU:2023-03915

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-2938

Published: 2023-07-18

BDU:2023-03999

Уязвимость компонента Notifications (Уведомления) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-3737

Published: 2023-07-18

BDU:2023-04000

Уязвимость запросов на получение разрешений сайтов (Permission Prompts) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-3735

Published: 2023-07-18

BDU:2023-04001

Уязвимость компонента Tab Groups браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3730

Published: 2023-07-18

BDU:2023-04003

Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3732

Published: 2023-07-18

BDU:2023-04004

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-3734

Published: 2023-07-18

BDU:2023-04005

Уязвимость функции автозаполнения Autofill браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-3738

Published: 2023-07-18

BDU:2023-04006

Уязвимость компонента WebApp Installs браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

CVE-2023-3733

Published: 2023-07-18

BDU:2023-04007

Уязвимость компонента Themes браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

CVE-2023-3740

Published: 2023-05-30

BDU:2023-04050

Уязвимость загрузчика браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-08-03

BDU:2023-04416

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4068

Published: 2023-08-03

BDU:2023-04417

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4069

Published: 2023-08-03

BDU:2023-04418

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4070

Published: 2023-07-28

BDU:2023-04452

Уязвимость реализации прикладного программного интерфейса File System браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2023-2311

Published: 2023-06-28

BDU:2023-04489

Уязвимость компонента Visuals браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4071

Published: 2023-07-04

BDU:2023-04491

Уязвимость компонента Extensions (Расширения) браузера Google Chrome, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.4) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

References:

CVE-2023-4078

Published: 2023-06-29

BDU:2023-04492

Уязвимость технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4076

Published: 2023-06-25

BDU:2023-04493

Уязвимость компонента Cast (Трансляция) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4075

Published: 2023-07-12

BDU:2023-04494

Уязвимость планировщика задач Task Scheduling браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4074

Published: 2023-06-04

BDU:2023-04495

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4077

Published: 2023-07-12

BDU:2023-04497

Уязвимость компонента WebGL браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4072

Published: 2023-07-28

BDU:2023-04693

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-3598

Published: 2023-08-15

BDU:2023-04846

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

CVE-2023-4364

Published: 2023-08-15

BDU:2023-04847

Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4368

Published: 2023-08-15

BDU:2023-04851

Уязвимость компонента Network браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4351

Published: 2023-08-15

BDU:2023-04853

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome для Android, позволяющая нарушителю подделать содержимое омнибокса

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2023-4350

Published: 2023-08-15

BDU:2023-04854

Уязвимость средства запуска App Launcher браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

CVE-2023-4359

Published: 2023-08-15

BDU:2023-04855

Уязвимость компонента Audio браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4356

Published: 2023-08-15

BDU:2023-04856

Уязвимость DNS службы браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4358

Published: 2023-08-15

BDU:2023-04858

Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю установить произвольное расширение

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CVE-2023-4367

Published: 2023-08-15

BDU:2023-04859

Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю установить произвольное расширение

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4366

Published: 2023-08-15

BDU:2023-04861

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4354

Published: 2023-08-15

BDU:2023-04865

Уязвимость функции автозаполнения Autofill браузера Google Chrome для Android, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

CVE-2023-4361

Published: 2023-08-15

BDU:2023-04869

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4353

Published: 2023-08-15

BDU:2023-04870

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4352

Published: 2023-08-15

BDU:2023-04871

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4355

Published: 2023-08-15

BDU:2023-04872

Уязвимость автономного режима браузера Google Chrome для Android, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-2312

Published: 2023-08-15

BDU:2023-04873

Уязвимость компонента Device Trust Connectors браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4349

Published: 2023-08-15

BDU:2023-04874

Уязвимость цвета фона браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References:

CVE-2023-4360

Published: 2023-08-15

BDU:2023-04875

Уязвимость компонента XML браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2023-4357

Published: 2023-08-15

BDU:2023-04876

Уязвимость компонента Mojom IDL браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4362

Published: 2023-08-15

BDU:2023-04881

Уязвимость компонента WebShare браузера Google Chrome для Android, позволяющая нарушителю подделать содержимое адресной строки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-4363

Published: 2023-08-15

BDU:2023-04882

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome, позволяющая нарушителю подделать обойти существующие ограничения безопасности

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

CVE-2023-4365

Published: 2023-08-22

BDU:2023-04890

Уязвимость компонента Fonts браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4431

Published: 2023-08-22

BDU:2023-04904

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4430

Published: 2023-08-22

BDU:2023-04905

Уязвимость загрузчика браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4429

Published: 2023-08-22

BDU:2023-04906

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4428

Published: 2023-08-22

BDU:2023-04907

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4427

Published: 2021-08-29

BDU:2023-05107

Уязвимость компонента MediaStream браузеров Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4572

Published: 2023-09-05

BDU:2023-05228

Уязвимость компонента BFCache браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4764

Published: 2023-09-05

BDU:2023-05240

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4762

Published: 2023-09-05

BDU:2023-05241

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4761

Published: 2023-09-05

BDU:2023-05249

Уязвимость компонента Networks браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4763

Published: 2023-09-11

BDU:2023-05510

Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-4863

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1528

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1529

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1530

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1531

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1532

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1533

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-03-22
Modified: 2024-11-21

CVE-2023-1534

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1810

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1811

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1812

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1813

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1814

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1815

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1816

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1817

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1818

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1819

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1820

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1821

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1822

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-05
Modified: 2024-11-21

CVE-2023-1823

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-04-14
Modified: 2025-02-19

CVE-2023-2033

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-19
Modified: 2024-11-21

CVE-2023-2133

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-19
Modified: 2024-11-21

CVE-2023-2134

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-19
Modified: 2024-11-21

CVE-2023-2135

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-04-19
Modified: 2025-02-19

CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Severity: CRITICAL (9.6) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Published: 2023-04-19
Modified: 2024-11-21

CVE-2023-2137

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-07-29
Modified: 2024-11-21

CVE-2023-2311

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-2312

Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-12
Modified: 2024-11-21

CVE-2023-2457

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-12
Modified: 2024-11-21

CVE-2023-2458

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2460

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2461

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2462

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2463

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2464

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2465

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2466

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2467

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-03
Modified: 2024-11-21

CVE-2023-2468

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-16
Modified: 2024-11-21

CVE-2023-2721

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-16
Modified: 2024-11-21

CVE-2023-2723

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-16
Modified: 2024-11-21

CVE-2023-2724

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-16
Modified: 2024-11-21

CVE-2023-2725

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-16
Modified: 2024-11-21

CVE-2023-2726

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2929

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2930

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2931

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2932

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2933

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2934

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2935

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2936

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2025-03-11

CVE-2023-2937

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-31
Modified: 2025-03-18

CVE-2023-2938

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-05-31
Modified: 2024-11-21

CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-05-31
Modified: 2025-03-12

CVE-2023-2940

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-05-31
Modified: 2025-03-11

CVE-2023-2941

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-06-06
Modified: 2025-02-05

CVE-2023-3079

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-13
Modified: 2024-11-21

CVE-2023-3214

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-13
Modified: 2024-11-21

CVE-2023-3215

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-13
Modified: 2024-11-21

CVE-2023-3216

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-13
Modified: 2024-11-21

CVE-2023-3217

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-27
Modified: 2024-11-21

CVE-2023-3420

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-27
Modified: 2024-11-21

CVE-2023-3421

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-06-27
Modified: 2024-11-21

CVE-2023-3422

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-07-29
Modified: 2024-11-21

CVE-2023-3598

Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3727

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3728

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3730

Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3732

Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3733

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3734

Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3735

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3737

Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3738

Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-02
Modified: 2024-11-21

CVE-2023-3740

Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4068

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4069

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4070

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4071

Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4072

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4074

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4075

Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4076

Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4077

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-03
Modified: 2024-11-21

CVE-2023-4078

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4349

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4350

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4351

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4352

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4353

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4354

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4355

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4356

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4358

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4359

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4360

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4361

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4362

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4363

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4364

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4365

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4366

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4367

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-08-15
Modified: 2024-11-21

CVE-2023-4368

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-23
Modified: 2024-11-21

CVE-2023-4427

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2023-08-23
Modified: 2024-11-21

CVE-2023-4428

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2023-08-23
Modified: 2024-11-21

CVE-2023-4429

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-23
Modified: 2024-11-21

CVE-2023-4430

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-08-23
Modified: 2024-11-21

CVE-2023-4431

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2023-08-29
Modified: 2024-11-21

CVE-2023-4572

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-09-06
Modified: 2024-11-21

CVE-2023-4761

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Published: 2023-09-06
Modified: 2024-12-20

CVE-2023-4762

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-09-06
Modified: 2024-11-21

CVE-2023-4763

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-09-06
Modified: 2024-11-21

CVE-2023-4764

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2023-09-12
Modified: 2025-03-13

CVE-2023-4863

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4900

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4901

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4902

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4903

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4904

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4905

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4906

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4907

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4908

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Published: 2023-09-13
Modified: 2024-11-21

CVE-2023-4909

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Version: 2.1.0

ALT-BU-2023-5840-1

Closed vulnerabilities