Lucene search

[email protected]NVD:CVE-2023-5218

HistoryOct 11, 2023 - 11:15 p.m.

CVE-2023-5218

2023-10-1123:15:10

CWE-416

[email protected]

web.nvd.nist.gov

google chrome

vulnerability

site isolation

heap corruption

remote attack

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.5%

JSON

Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Affected configurations

Nvd

Node

googlechromeRange<118.0.5993.70

Node

debiandebian_linuxMatch11.0

debiandebian_linuxMatch12.0

Node

fedoraprojectfedoraMatch37

fedoraprojectfedoraMatch38

References

chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

crbug.com/1487110

lists.fedoraproject.org/archives/list/[email protected]/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/

lists.fedoraproject.org/archives/list/[email protected]/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202312-07

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5526

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.5%

JSON

Related for NVD:CVE-2023-5218

debiancve1 cve1 osv2 prion1 nessus17 mscve1 veracode1 alpinelinux1 cvelist1 freebsd2 ubuntucve1 openvas11 debian1 mageia1 fedora3 chrome1 kaspersky2 redos1 photon2 gentoo3