CVSS3: 8.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.65 Medium (Percentile 97.9%)

Cloud Software Group will continue to update this post as additional information becomes available.
Summary
Google Chromium Heap-Based Buffer Overflow Vulnerability
Cloud Software Group is aware of the vulnerabilities (CVE-2023-4863 and CVE-2023-5217) that impact Chromium.
CVE-2023-4863 description: Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and prior to libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2023-5217 description: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
We are continuing to evaluate the potential impact of these vulnerabilities on our products. Cloud Software Group will provide further information as it becomes available.
Citrix Enterprise Browser for Citrix Workspace app
Citrix Enterprise Browser versions before v117 for Citrix Workspace app 2309
Citrix strongly suggests that customers install Citrix Enterprise Browser v117 or a later version:
Install Workspace app for Windows 2309 or a later version, which contains Citrix Enterprise Browser v117 - <https://www.citrix.com/downloads/workspace-app/windows/workspace-app-for-windows-latest.html>
Install Citrix Enterprise Browser v117 or a later version - <https://www.citrix.com/downloads/workspace-app/citrix-enterprise-browser-for-mac/workspace-app-for-CEB-Mac-Latest.html>
<https://www.chromium.org/Home/>
<https://nvd.nist.gov/vuln/detail/CVE-2023-4863>
<https://nvd.nist.gov/vuln/detail/CVE-2023-5217>
Date | Change |
---|---|
2023-10-06 | Initial Publication |
2023-10-13 | Adding Impact analysis for Citrix Enterprise Browser for CWA |