Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2023-AVI-0631
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 115.0.1901.200",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-4073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4073"
},
{
"name": "CVE-2023-4077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4077"
},
{
"name": "CVE-2023-4070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4070"
},
{
"name": "CVE-2023-4069",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4069"
},
{
"name": "CVE-2023-4071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4071"
},
{
"name": "CVE-2023-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38157"
},
{
"name": "CVE-2023-4074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4074"
},
{
"name": "CVE-2023-4075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4075"
},
{
"name": "CVE-2023-4072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4072"
},
{
"name": "CVE-2023-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4068"
},
{
"name": "CVE-2023-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4076"
},
{
"name": "CVE-2023-4078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4078"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0631",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4078 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4078"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4072 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4072"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4071 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4071"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4070 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4070"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4068 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4075 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4075"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4069 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4076 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4073 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4073"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4077 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4077"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38157 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-4074 du 07 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4074"
}
]
}
CVE-2023-4071 (GCVE-0-2023-4071)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Heap buffer overflow
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1458819"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap buffer overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:07:38.207Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1458819"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4071",
"datePublished": "2023-08-03T00:27:46.864Z",
"dateReserved": "2023-08-02T00:50:43.920Z",
"dateUpdated": "2025-02-13T17:08:40.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38157 (GCVE-0-2023-38157)
Vulnerability from cvelistv5 – Published: 2023-08-07 17:15 – Updated: 2025-02-28 19:36
VLAI?
EPSS
Summary
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Severity ?
CWE
- Security Feature Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Edge (Chromium-based) |
Affected:
1.0.0 , < 115.0.1901.200
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:24:20.929002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:36:08.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Edge (Chromium-based)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "115.0.1901.200",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.0.1901.200",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-07T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Feature Bypass",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:02.937Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38157"
}
],
"title": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38157",
"datePublished": "2023-08-07T17:15:43.465Z",
"dateReserved": "2023-07-12T23:41:45.861Z",
"dateUpdated": "2025-02-28T19:36:08.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4075 (GCVE-0-2023-4075)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1457757"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:07:34.459Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1457757"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4075",
"datePublished": "2023-08-03T00:27:47.485Z",
"dateReserved": "2023-08-02T00:50:44.667Z",
"dateUpdated": "2025-02-13T17:08:44.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4078 (GCVE-0-2023-4078)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- Inappropriate implementation
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1461895"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:09:28.594Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1461895"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4078",
"datePublished": "2023-08-03T00:27:47.863Z",
"dateReserved": "2023-08-02T00:50:45.296Z",
"dateUpdated": "2025-02-13T17:08:45.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4076 (GCVE-0-2023-4076)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1459124"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:06:40.328Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1459124"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4076",
"datePublished": "2023-08-03T00:27:47.625Z",
"dateReserved": "2023-08-02T00:50:44.859Z",
"dateUpdated": "2025-02-13T17:08:44.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4069 (GCVE-0-2023-4069)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Type Confusion
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1465326"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:07:42.112Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1465326"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4069",
"datePublished": "2023-08-03T00:27:46.544Z",
"dateReserved": "2023-08-02T00:50:43.253Z",
"dateUpdated": "2025-02-13T17:08:39.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4072 (GCVE-0-2023-4072)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Out of bounds read and write
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1464038"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds read and write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:09:32.920Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1464038"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4072",
"datePublished": "2023-08-03T00:27:47.058Z",
"dateReserved": "2023-08-02T00:50:44.120Z",
"dateUpdated": "2025-02-13T17:08:41.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4074 (GCVE-0-2023-4074)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Use after free
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1464113"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:10:43.414Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1464113"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4074",
"datePublished": "2023-08-03T00:27:47.344Z",
"dateReserved": "2023-08-02T00:50:44.447Z",
"dateUpdated": "2025-02-13T17:08:43.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4077 (GCVE-0-2023-4077)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
Severity ?
No CVSS data available.
CWE
- Insufficient data validation
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1451146"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:10:22.598Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1451146"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4077",
"datePublished": "2023-08-03T00:27:47.743Z",
"dateReserved": "2023-08-02T00:50:45.154Z",
"dateUpdated": "2025-02-13T17:08:45.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4073 (GCVE-0-2023-4073)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Out of bounds memory access
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1456243"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out of bounds memory access",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:09:54.995Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1456243"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4073",
"datePublished": "2023-08-03T00:27:47.197Z",
"dateReserved": "2023-08-02T00:50:44.249Z",
"dateUpdated": "2025-02-13T17:08:42.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4070 (GCVE-0-2023-4070)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Type Confusion
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1462951"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:09:12.181Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1462951"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4070",
"datePublished": "2023-08-03T00:27:46.683Z",
"dateReserved": "2023-08-02T00:50:43.586Z",
"dateUpdated": "2025-02-13T17:08:40.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4068 (GCVE-0-2023-4068)
Vulnerability from cvelistv5 – Published: 2023-08-03 00:27 – Updated: 2025-02-13 17:08
VLAI?
EPSS
Summary
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Severity ?
No CVSS data available.
CWE
- Type Confusion
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1466183"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "115.0.5790.170",
"status": "affected",
"version": "115.0.5790.170",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Type Confusion",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T17:10:49.579Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html"
},
{
"url": "https://crbug.com/1466183"
},
{
"url": "https://www.debian.org/security/2023/dsa-5467"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/"
},
{
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"url": "https://security.gentoo.org/glsa/202312-07"
},
{
"url": "https://security.gentoo.org/glsa/202401-34"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2023-4068",
"datePublished": "2023-08-03T00:27:46.212Z",
"dateReserved": "2023-08-02T00:50:42.897Z",
"dateUpdated": "2025-02-13T17:08:37.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…