ALT-BU-2023-5840-3

Branch sisyphus update bulletin.

Package chromium-gost updated to version 117.0.5938.62-alt1 for branch sisyphus in task 330039.

Уязвимость компонента Passwords браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-1528

Уязвимость интерфейса WebHID (Human Interface Device) браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-1529

Уязвимость компонента PDFium браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Уязвимость компонента WebProtect браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-1533

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-1531

Уязвимость компонента GPU Video браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-1532

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-1534

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю выполнить спуфинговую атаку

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1816

Уязвимость службы Safe Browsing браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1814

Уязвимость компонента Networking API браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1815

Уязвимость компонента Visuals браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1810

Уязвимость расширений браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1813

Уязвимость компонента Frames браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1811

Уязвимость истории браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

CVE-2023-1820

Уязвимость функции Intents браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1817

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1823

Уязвимость компонента WebShare браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1821

Уязвимость компонента DOM Bindings браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1812

Уязвимость режима рендеринга Vulkan браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1818

Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю выполнить спуфинговую атаку

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-1822

Уязвимость компонента Accessibility браузера Google Chrome, позволяющая нарушителю раскрыть защищаемую информацию

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2023-1819

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2033

Уязвимость библиотеки Skia браузера Google Chrome, позволяющая нарушителю выйти из изолированной программной среды и выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2136

Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5)Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2023-2135

Уязвимость скрипта Service Worker API веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2134

Уязвимость компонента SQLite веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2137

Уязвимость скрипта Service Worker API веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2133

Уязвимость реализации полноэкранного режима (Full Screen Mode) браузера Google Chrome, позволяющая нарушителю скрыть содержимое адресной строки Omnibox

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

CVE-2023-2463

Уязвимость реализации механизма CORS (Cross-Origin Resource Sharing) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-2465

Уязвимость расширений браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

Severity: HIGH (7.1)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Severity: HIGH (8.5)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:P

References:

CVE-2023-2460

Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-2468

Уязвимость компонента Prompts браузера Google Chrome операционных систем Android, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

CVE-2023-2467

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-2466

Уязвимость технологии Picture-in-Picture (PiP) браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-2464

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-2462

Уязвимость расширения Google Input Tools Chrome OS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2461

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

CVE-2023-2459

Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2721

Уязвимость компонента ChromeOS Audio Server браузера Google Chrome операционных систем ChromeOS и ChromeOS Flex, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-2457

Уязвимость компонента ChromeOS Camera браузера Google Chrome операционных систем ChromeOS и ChromeOS Flex, позволяющая нарушителю выполнить произвольный код

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-2458

Уязвимость интерфейса автозаполнения Autofill браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2722

Уязвимость режима Guest View браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2725

Уязвимость библиотеки SwiftShader веб-браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2929

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3079

Уязвимость функции автозаполнения Autofill Payments браузера Google Chrome, повыполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3214

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3420

Уязвимость компонента WebApp Installs браузера Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2726

Уязвимость компонента Media браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3421

Уязвимость компонента WebXR WebRTC браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3217

Уязвимость компонента Guest View браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3422

Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю установить произвольное расширение

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-2941

Уязвимость установщика браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.8)Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2939

Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3727

Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.8)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3728

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2724

Уязвимость набора инструментов для веб-разработки DevTools веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2723

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2935

Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2934

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2936

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-2937

Уязвимость обработчика PDF-содержимого браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2933

Уязвимость реализации технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3215

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3216

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-2938

Уязвимость компонента Notifications (Уведомления) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-3737

Уязвимость запросов на получение разрешений сайтов (Permission Prompts) браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-3735

Уязвимость компонента Tab Groups браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3730

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-3736

Уязвимость IPC-библиотеки Mojo браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3732

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю проводить фишинг-атаки

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-3734

Уязвимость функции автозаполнения Autofill браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-3738

Уязвимость компонента WebApp Installs браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальной информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

References:

CVE-2023-3733

Уязвимость компонента Themes браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-3740

Уязвимость компонента Security Processor браузера Google Chrome операционной системы Chrome OS, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (4.6)Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: MEDIUM (4.9)Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2023-3497

Уязвимость загрузчика браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4068

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4069

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4070

Уязвимость реализации прикладного программного интерфейса File System браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

CVE-2023-2311

Уязвимость компонента Sandbox браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, нарушить ее целостность или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2313

Уязвимость компонента Visuals браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4071

Уязвимость компонента Extensions (Расширения) браузера Google Chrome, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: MEDIUM (6.4)Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Severity: MEDIUM (6.6)Vector: AV:N/AC:H/Au:N/C:C/I:P/A:P

References:

CVE-2023-4078

Уязвимость технологии WebRTC браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4076

Уязвимость компонента Cast (Трансляция) браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4075

Уязвимость планировщика задач Task Scheduling браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4074

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4077

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4073

Уязвимость компонента WebGL браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4072

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3598

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2023-4364

Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4368

Уязвимость компонента Network браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4351

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome для Android, позволяющая нарушителю подделать содержимое омнибокса

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

CVE-2023-4350

Уязвимость средства запуска App Launcher браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2023-4359

Уязвимость компонента Audio браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4356

Уязвимость DNS службы браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4358

Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю установить произвольное расширение

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

References:

CVE-2023-4367

Уязвимость компонента Extensions API браузера Google Chrome, позволяющая нарушителю установить произвольное расширение

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4366

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4354

Уязвимость функции автозаполнения Autofill браузера Google Chrome для Android, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2023-4361

Уязвимость библиотеки ANGLE браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4353

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4352

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4355

Уязвимость автономного режима браузера Google Chrome для Android, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2312

Уязвимость компонента Device Trust Connectors браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4349

Уязвимость цвета фона браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2023-4360

Уязвимость компонента XML браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.3)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2023-4357

Уязвимость компонента Mojom IDL браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4362

Уязвимость компонента WebShare браузера Google Chrome для Android, позволяющая нарушителю подделать содержимое адресной строки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4363

Уязвимость реализации прикладного программного интерфейса Fullscreen браузера Google Chrome, позволяющая нарушителю подделать обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4365

Уязвимость компонента Fonts браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4431

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4430

Уязвимость загрузчика браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4429

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4428

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4427

Уязвимость компонента MediaStream браузеров Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4572

Уязвимость компонента BFCache браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4764

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4762

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4761

Уязвимость компонента Networks браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4763

Уязвимость библиотеки libwebp для кодирования и декодирования изображений в формате WebP, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4863

Уязвимость компонента Systems Extensions браузера Google Chrome операционных систем ChromeOS, позволяющая нарушителю установить произвольное расширение

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4369

Уязвимость пользовательских вкладок браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4900

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4901

Уязвимость компонента Input браузера Google Chrome, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4902

Уязвимость пользовательских вкладок браузера Google Chrome, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4903

Уязвимость компонента Prompts браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4905

Уязвимость компонента Downloads браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4904

Уязвимость функции автозаполнения Autofill браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4906

Уязвимость компонента Intents браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4907

Уязвимость технологии Picture In Picture браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4908

Уязвимость компонента Interstitials браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-4909

Уязвимость компонента PDF веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

Уязвимость компонента Extensions веб-браузера Google Chrome, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-2930

Уязвимость компонента Android Debug Bridge (ADB) браузера Google Chrome операционной системы Chrome OS, позволяющая нарушителю обойти ограничения безопасности

Severity: MEDIUM (6.8)Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-3742

Уязвимость библиотеки SwiftShader браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2024-3176

Уязвимость компонента Permission Prompt Handler браузера Google Chrome, позволяющая нарушителю установить вредоносное приложение и потенциально выполнить выход из изолированной программной среды

Severity: HIGH (7.5)Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (7.6)Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

References:

CVE-2023-7012

Уязвимость компонента WebRTC браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность данных

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-7010

Уязвимость графической библиотеки Skia браузера Google Chrome, позволяющая нарушителю выполнить выход из изолированной программной среды

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2023-4860

Уязвимость функции Navigation браузера Google Chrome, позволяющая нарушителю проводить спуфинг-атаки

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

CVE-2023-7282

Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Severity: CRITICAL (9.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (7.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

References:

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)

Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)

Severity: MEDIUM (4.6)Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)

Severity: MEDIUM (6.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)

Severity: MEDIUM (6.8)Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

References:

Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.1)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References:

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Severity: CRITICAL (9.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

Use after free in WebRTC in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)

Severity: CRITICAL (9.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References:

https://issues.chromium.org/issues/40056040

Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Bundled libwebp in imagecodecs vulnerable

References:

opencv-contrib-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

libwebp: OOB write in BuildHuffmanTable

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

opencv-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

opencv-python bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

opencv-contrib-python-headless bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References:

Vulnerable version of libwebp and can be exploited with a malicious source image

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

ALT-BU-2023-5840-3

Closed vulnerabilities