Lucene search

K

GoogleOSV:CVE-2023-5487

HistoryOct 11, 2023 - 11:15 p.m.

CVE-2023-5487

2023-10-1123:15:11

Google

osv.dev

3

google chrome

fullscreen

inappropriate implementation

vulnerability

extension

navigation restrictions

crafted chrome extension

medium severity

cve-2023-5487

software security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

Low

EPSS

0.001

Percentile

36.2%

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

References

chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

crbug.com/1062251

lists.fedoraproject.org/archives/list/[email protected]/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/

lists.fedoraproject.org/archives/list/[email protected]/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202312-07

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5526

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

Low

EPSS

0.001

Percentile

36.2%

Related for OSV:CVE-2023-5487

nvd1 cvelist1 alpinelinux1 veracode1 ubuntucve1 prion1 debiancve1 mscve1 cve1 openvas11 nessus16 kaspersky2 mageia1 fedora3 chrome1 debian1 osv1 freebsd1 redos1 photon2 gentoo3