GoogleOSV:CVE-2023-3217

HistoryJun 13, 2023 - 6:15 p.m.

CVE-2023-3217

2023-06-1318:15:22

Google

osv.dev

cve-2023-3217

heap corruption

google chrome

webxr

remote attacker

crafted html page

chromium

high severity

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.html

chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html

crbug.com/1450601

lists.fedoraproject.org/archives/list/[email protected]/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/

lists.fedoraproject.org/archives/list/[email protected]/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5428

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

Related for OSV:CVE-2023-3217