Lucene search

K

GoogleOSV:CVE-2023-2464

HistoryMay 03, 2023 - 12:15 a.m.

CVE-2023-2464

2023-05-0300:15:09

Google

osv.dev

3

cve-2023-2464

security vulnerability

google chrome

origin spoof

insecure implementation

chromium

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

52.9%

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium)

References

chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

crbug.com/1418549

lists.fedoraproject.org/archives/list/[email protected]/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

lists.fedoraproject.org/archives/list/[email protected]/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

lists.fedoraproject.org/archives/list/[email protected]/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

security.gentoo.org/glsa/202309-17

www.debian.org/security/2023/dsa-5398

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

52.9%

Related for OSV:CVE-2023-2464

debiancve1 cvelist1 nvd1 cve1 ubuntucve1 mscve1 veracode1 prion1 osv1 openvas9 nessus9 fedora3 chrome1 kaspersky2 debian1 freebsd1 rapid7blog1 gentoo1