Lucene search

K

GoogleOSV:CVE-2023-4078

HistoryAug 03, 2023 - 1:15 a.m.

CVE-2023-4078

2023-08-0301:15:12

Google

osv.dev

7

google chrome

extension security

potential injection

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

66.0%

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

References

chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html

crbug.com/1461895

lists.fedoraproject.org/archives/list/[email protected]/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202312-07

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5467

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

66.0%

Related for OSV:CVE-2023-4078

veracode1 cnvd1 debiancve1 nvd1 ubuntucve1 cve1 prion1 mscve1 cvelist1 nessus11 debian1 openvas8 chrome1 osv3 kaspersky3 freebsd1 gentoo3 fedora1 rapid7blog1