CVE-2023-5718

CVE-2023-5718 affects the Vue.js Devtools extension. The issue allows leakage of base64-encoded screenshots of sensitive resource content via the standard postMessage() API when a malicious page with an iframe targets a sensitive resource and registers a listener. Affected component: the Vue.js D...

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

PT-2023-32289 · Unknown · Vue.Js Devtools Extension

Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension affected versions not specified Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...

Vue.js vue-devtools Access Control Error Vulnerability

vue-devtools is a browser development tools extension for debugging Vue.js applications. A security vulnerability exists in Vue.js vue-devtools, which stems from the fact that the extension was found to leak screenshot data back to a malicious web page, postMessage, via the standard API...

Updated chromium-browser-stable packages fix bugs and vulnerabilities

The chromium-browser-stable package has been updated to the 118.0.5993.70 release, fixing 20 bugs and vulnerabilities. Some of the security fixes are: Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18 on 2023-09-27 Medium CVE-2023-5487: Inappropriate implementation in...

4help-app-shared (>=1.0.21 <=1.0.26), 4help-shared (>=1.0.2 <=1.0.20) +3208 more potentially affected by CVE-2023-5654 via react-devtools-core (>=1.0.6 <=4.28.0)

react-devtools-core NPM version =1.0.6, =1.0.21, =1.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.22, =0.0.12, =1.2.0, =1.0.4, =0.0.1, =0.0.6 and more Source cves: CVE-2023-5654 Source advisory: OSV:GHSA-RXRC-RGV4-JPVX...

Improper Authorization

chromium is vulnerable to Improper Authorization. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. The website would contain a specially crafted HTML page that would exploit the race condition in DevTools and allow the attacker to break...

Chromium: CVE-2023-5475 Inappropriate implementation in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

DEBIAN-CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

Design/Logic Flaw

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-5475

The CVE-2023-5475 issue is an Inappropriate implementation in DevTools of Google Chrome up to version 118.0.5993.70, allowing a user-assisted attacker who installs a crafted malicious extension to bypass discretionary access control. Impact: potential high integrity via extension-based bypass; ex...

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

Google Chrome < 118.0.5993.70 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 118.0.5993.70. It is, therefore, affected by multiple vulnerabilities as referenced in the 202310stable-channel-update-for-desktop10 advisory. - Use after free in Blink History in Google Chrome prior to 118.0.5993.70...

Stable Channel Update for Desktop

The Stable channel has been updated to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. The Extended Stable channel has been updated to 118.0.5993.71 for Windows and...