Citrix CTX581768
Oct 06, 2023 - 8:18 p.m.

Impact of Chromium vulnerabilities CVE-2023-4863 and CVE-2023-5217 on Cloud Software Group products

2023-10-06 20:18:12
support.citrix.com
Tags: chromium, vulnerabilities, cve-2023-4863, cve-2023-5217, cloud software group, impact, citrix, enterprise browser, heap overflow

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.65 Medium
Percentile: 97.9%

Cloud Software Group will continue to update this post as additional information becomes available.

Summary

Google Chromium Heap-Based Buffer Overflow Vulnerability

Cloud Software Group is aware of the vulnerabilities (CVE-2023-4863 and CVE-2023-5217) that impact Chromium.

CVE-2023-4863 description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and prior to libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

CVE-2023-5217 description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

We are continuing to evaluate the potential impact of these vulnerabilities on our products. Cloud Software Group will provide further information as it becomes available.

Affected Products

Citrix Enterprise Browser for Citrix Workspace app

Affected Versions

Citrix Enterprise Browser versions before v117 for Citrix Workspace app 2309

What customers should do

Citrix strongly suggests that customers install Citrix Enterprise Browser v117 or later versions:

Citrix Workspace app for Windows:

Install Workspace app for Windows 2309 or later versions, which contain Citrix Enterprise Browser v117 - <https://www.citrix.com/downloads/workspace-app/windows/workspace-app-for-windows-latest.html>

Citrix Workspace app for Mac:

Install Citrix Enterprise Browser v117 or later versions - <https://www.citrix.com/downloads/workspace-app/citrix-enterprise-browser-for-mac/workspace-app-for-CEB-Mac-Latest.html>
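
To find which endpoints still need the update, the fixed versions named in this advisory can be checked against a software inventory. The following is an added example, not code from Citrix or Cloud Software Group; the CSV layout, the product keys and the sample rows are assumptions constructed for illustration. Versions are compared numerically, because a plain string comparison would rank 117.0.5938.92 above 117.0.5938.132 and miss it.

```python
import csv
import io
import re

# Fixed versions as stated in the advisory text. The product keys are
# assumed inventory names, not identifiers defined by the advisory.
FIXED = {
    "chrome": [((116, 0, 5845, 187), "CVE-2023-4863"),
               ((117, 0, 5938, 132), "CVE-2023-5217")],
    "libwebp": [((1, 3, 2), "CVE-2023-4863")],
    "libvpx": [((1, 13, 1), "CVE-2023-5217")],
    "citrix-enterprise-browser": [((117,), "CTX581768")],
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,product,version
ws-01,chrome,116.0.5845.96
ws-02,chrome,117.0.5938.92
ws-03,chrome,117.0.5938.132
ws-04,citrix-enterprise-browser,v116
ws-05,citrix-enterprise-browser,117
ws-06,libwebp,1.3.2
ws-07,libvpx,1.13.0
ws-08,chrome,unknown
"""

def parse_version(text):
    """Return '117.0.5938.92' or 'v117' as a tuple of ints, else None."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(inventory_csv):
    """List (host, product, version, reference) for each unpatched entry."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        product = row["product"].strip().lower()
        if product not in FIXED:
            continue
        version = parse_version(row["version"])
        if version is None:
            # Surface unreadable versions instead of treating them as patched.
            findings.append((row["host"], product, row["version"], "UNPARSED"))
            continue
        for fixed, ref in FIXED[product]:
            if version < fixed:  # numeric, component-by-component comparison
                findings.append((row["host"], product, row["version"], ref))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```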

References:

<https://www.chromium.org/Home/>

<https://nvd.nist.gov/vuln/detail/CVE-2023-4863>

<https://nvd.nist.gov/vuln/detail/CVE-2023-5217>

Changelog

Date         Change
2023-10-06   Initial Publication
2023-10-13   Adding Impact analysis for Citrix Enterprise Browser for CWA
