Lucene search

China National Vulnerability DatabaseCNVD-2023-65158

HistoryAug 03, 2023 - 12:00 a.m.

Google Chrome Input Validation Error Vulnerability (CNVD-2023-65158)

2023-08-0300:00:00

China National Vulnerability Database

www.cnvd.org.cn

google chrome

input validation

vulnerability

chromeos

untrusted input

chromad

arbitrary code

shell script

exploit

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

23.6%

JSON

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability previously existed in Google Chrome on ChromeOS version 115.0.5790.98, which stemmed from an insufficient validation of untrusted input in Chromad. An attacker could exploit the vulnerability to execute arbitrary code via a crafted shell script.

CPENameOperatorVersion
google chrome <115.eq0.5790.98

CPE	Name	Operator	Version
	google chrome <115.	eq	0.5790.98

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

23.6%

JSON

Related for CNVD-2023-65158