Lucene search

K

[email protected]NVD:CVE-2023-4078

HistoryAug 03, 2023 - 1:15 a.m.

CVE-2023-4078

2023-08-0301:15:12

[email protected]

web.nvd.nist.gov

cve-2023-4078

inappropriate implementation

google chrome

extensions

malicious extension

script injection

html injection

privileged page

chromium

medium severity

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Affected configurations

NVD

Node

googlechromeRange<115.0.5790.170

References

chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html

crbug.com/1461895

lists.fedoraproject.org/archives/list/[email protected]/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202312-07

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5467

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.9%

Related for NVD:CVE-2023-4078

debiancve1 osv2 veracode1 cnvd1 mscve1 prion1 cvelist1 ubuntucve1 cve1 openvas8 nessus11 kaspersky3 freebsd1 chrome1 debian1 gentoo3 fedora1 rapid7blog1