Vulnerability-Lookup

CVE-2023-5482 (GCVE-0-2023-5482)

Vulnerability from cvelistv5 – Published: 2023-11-01 17:13 – Updated: 2025-04-30 15:05

Summary

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Insufficient data validation

Assigner

Chrome

References

9 references

URL	Tags
https://chromereleases.googleblog.com/2023/10/sta…
https://crbug.com/1492381
https://www.debian.org/security/2023/dsa-5546
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202311-11
https://security.gentoo.org/glsa/202312-07
https://security.gentoo.org/glsa/202401-34

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 119.0.6045.105 , < 119.0.6045.105 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:59:44.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/1492381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5546"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-34"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-5482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:26:04.491606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-345",
                "description": "CWE-345 Insufficient Verification of Data Authenticity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:05:54.313Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "119.0.6045.105",
              "status": "affected",
              "version": "119.0.6045.105",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient data validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T17:07:08.822Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html"
        },
        {
          "url": "https://crbug.com/1492381"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5546"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-11"
        },
        {
          "url": "https://security.gentoo.org/glsa/202312-07"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-34"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2023-5482",
    "datePublished": "2023-11-01T17:13:59.713Z",
    "dateReserved": "2023-10-10T00:12:40.892Z",
    "dateUpdated": "2025-04-30T15:05:54.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-5482",
      "date": "2026-05-28",
      "epss": "0.16735",
      "percentile": "0.95039"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"119.0.6045.105\", \"matchCriteriaId\": \"EB02C074-0B9E-4658-BC8D-5F6198D2E3EB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\"}, {\"lang\": \"es\", \"value\": \"La validaci\\u00f3n de datos insuficiente en USB en Google Chrome anterior a 119.0.6045.105 permiti\\u00f3 a un atacante remoto realizar acceso a la memoria fuera de los l\\u00edmites a trav\\u00e9s de una p\\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}]",
      "id": "CVE-2023-5482",
      "lastModified": "2024-11-21T08:41:51.757",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-11-01T18:15:09.973",
      "references": "[{\"url\": \"https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://crbug.com/1492381\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-11\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-07\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-34\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5546\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://crbug.com/1492381\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-34\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5546\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-345\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5482\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-11-01T18:15:09.973\",\"lastModified\":\"2025-04-30T15:15:59.840\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n de datos insuficiente en USB en Google Chrome anterior a 119.0.6045.105 permiti\u00f3 a un atacante remoto realizar acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"119.0.6045.105\",\"matchCriteriaId\":\"EB02C074-0B9E-4658-BC8D-5F6198D2E3EB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://crbug.com/1492381\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-11\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-07\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-34\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5546\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://crbug.com/1492381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202312-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1492381\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5546\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-11\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202312-07\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-34\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:59:44.855Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5482\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:26:04.491606Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-345\", \"description\": \"CWE-345 Insufficient Verification of Data Authenticity\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-30T15:05:25.157Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"119.0.6045.105\", \"lessThan\": \"119.0.6045.105\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html\"}, {\"url\": \"https://crbug.com/1492381\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5546\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/\"}, {\"url\": \"https://security.gentoo.org/glsa/202311-11\"}, {\"url\": \"https://security.gentoo.org/glsa/202312-07\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-34\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Insufficient data validation\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-01-31T17:07:08.822Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-5482\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-30T15:05:54.313Z\", \"dateReserved\": \"2023-10-10T00:12:40.892Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-11-01T17:13:59.713Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-2790

Vulnerability from csaf_certbund - Published: 2023-10-31 23:00 - Updated: 2024-01-31 23:00

Summary

Google Chrome: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Chrome ist ein Internet-Browser von Google.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um beliebigen Programmcode auszuführen, Informationen falsch darzustellen und Informationen offenzulegen.

Betroffene Betriebssysteme: - UNIX - Linux - MacOS X - Windows

CVE-2023-5859

In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgemäße Implementierungen, einen Integer-Überlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion.

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5858

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5857

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5856

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5855

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5854

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5853

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5852

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5851

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5850

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5849

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5482

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-5480

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://chromereleases.googleblog.com/2023/10/stab…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://www.debian.org/security/2023/dsa-5546	external
https://lists.debian.org/debian-security-announce…	external
https://kb.igel.com/securitysafety/en/isn-2023-29…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://security.gentoo.org/glsa/202311-11	external
https://security.gentoo.org/glsa/202401-34	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Google Chrome ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen falsch darzustellen und Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2790 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2790.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2790 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2790"
      },
      {
        "category": "external",
        "summary": "Chrome Stable Channel Update for Desktop vom 2023-10-31",
        "url": "http://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-14C0898D9A vom 2023-11-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-14c0898d9a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-4CE457DB98 vom 2023-11-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-4ce457db98"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-CA644CAD1F vom 2023-11-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ca644cad1f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-6E863522F4 vom 2023-11-06",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-6e863522f4"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5546 vom 2023-11-03",
        "url": "https://www.debian.org/security/2023/dsa-5546"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5546 vom 2023-11-03",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00242.html"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2023-29 vom 2023-11-09",
        "url": "https://kb.igel.com/securitysafety/en/isn-2023-29-chromium-vulnerabilities-105089371.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-ECA2DAF875 vom 2023-11-10",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-eca2daf875"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-F83B5E84D3 vom 2023-11-10",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-f83b5e84d3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-E296B98814 vom 2023-11-10",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e296b98814"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-F535D91D21 vom 2023-11-10",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f535d91d21"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202311-11 vom 2023-11-25",
        "url": "https://security.gentoo.org/glsa/202311-11"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202401-34 vom 2024-01-31",
        "url": "https://security.gentoo.org/glsa/202401-34"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-31T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:00:51.888+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2790",
      "initial_release_date": "2023-10-31T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-31T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-11-05T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora und Debian aufgenommen"
        },
        {
          "date": "2023-11-09T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IGEL aufgenommen"
        },
        {
          "date": "2023-11-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-11-26T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Gentoo aufgenommen"
        },
        {
          "date": "2024-01-31T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Gentoo aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Google Chrome Mac Stable Channel \u003c 119.0.6045.105",
                "product": {
                  "name": "Google Chrome Mac Stable Channel \u003c 119.0.6045.105",
                  "product_id": "T030854",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:mac_stable_channel__119.0.6045.105"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Google Chrome Linux Stable Channel \u003c 119.0.6045.105",
                "product": {
                  "name": "Google Chrome Linux Stable Channel \u003c 119.0.6045.105",
                  "product_id": "T030855",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:linux_stable_channel__119.0.6045.105"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Google Chrome Windows Stable Channel \u003c 119.0.6045.105",
                "product": {
                  "name": "Google Chrome Windows Stable Channel \u003c 119.0.6045.105",
                  "product_id": "T030856",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:windows_stable_channel__119.0.6045.105"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Google Chrome Windows Stable Channel \u003c 119.0.6045.106",
                "product": {
                  "name": "Google Chrome Windows Stable Channel \u003c 119.0.6045.106",
                  "product_id": "T030857",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:windows_stable_channel__119.0.6045.106"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5859",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5859"
    },
    {
      "cve": "CVE-2023-5858",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5858"
    },
    {
      "cve": "CVE-2023-5857",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5857"
    },
    {
      "cve": "CVE-2023-5856",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5856"
    },
    {
      "cve": "CVE-2023-5855",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5855"
    },
    {
      "cve": "CVE-2023-5854",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5854"
    },
    {
      "cve": "CVE-2023-5853",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5853"
    },
    {
      "cve": "CVE-2023-5852",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5852"
    },
    {
      "cve": "CVE-2023-5851",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5851"
    },
    {
      "cve": "CVE-2023-5850",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5850"
    },
    {
      "cve": "CVE-2023-5849",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5849"
    },
    {
      "cve": "CVE-2023-5482",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5482"
    },
    {
      "cve": "CVE-2023-5480",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome existieren mehrere Schwachstellen. Die Schwachstellen sind auf mehrere unsachgem\u00e4\u00dfe Implementierungen, einen Integer-\u00dcberlauf, Use-after-free-Fehler, mangelnde Sicherheit und eine unzureichende Datenvalidierung in den Komponenten Payments, USB, Downloads, Printing, Profiles, Reading Mode, Side Panel, WebApp Provider und Picture in Picture zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen falsch darzustellen und vertrauliche Informationen offenzulegen. Die erfolgreiche Ausnutzung dieser Schwachstelle erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T017865",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-10-31T23:00:00.000+00:00",
      "title": "CVE-2023-5480"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-5482 (GCVE-0-2023-5482)

WID-SEC-W-2023-2790

Tags

Sightings

Nomenclature