Lucene search

K
osvGoogleOSV:CVE-2023-5487
HistoryOct 11, 2023 - 11:15 p.m.

CVE-2023-5487

2023-10-1123:15:11
Google
osv.dev
1
google chrome
fullscreen
inappropriate implementation
vulnerability
extension
navigation restrictions
crafted chrome extension
medium severity
cve-2023-5487
software security

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

Low

EPSS

0.001

Percentile

36.2%

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.4

Confidence

Low

EPSS

0.001

Percentile

36.2%