Lucene search

PRIOn knowledge basePRION:CVE-2023-2460

HistoryMay 03, 2023 - 12:15 a.m.

Input validation

2023-05-0300:15:00

PRIOn knowledge base

www.prio-n.com

google chrome

input validation

extensions

html page

file access

security vulnerability

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium)

CPENameOperatorVersion
debian_linuxeq11.0
fedoraeq36
fedoraeq37
fedoraeq38
chromelt113.0.5672.63

Name	Operator	Version
debian_linux	eq	11.0
fedora	eq	36
fedora	eq	37
fedora	eq	38
chrome	lt	113.0.5672.63

References

chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

crbug.com/1419732

lists.fedoraproject.org/archives/list/[email protected]/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

lists.fedoraproject.org/archives/list/[email protected]/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

lists.fedoraproject.org/archives/list/[email protected]/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

security.gentoo.org/glsa/202309-17

www.debian.org/security/2023/dsa-5398