Lucene search

Ubuntu.comUB:CVE-2023-1233

HistoryMar 07, 2023 - 12:00 a.m.

CVE-2023-1233

2023-03-0700:00:00

ubuntu.com

chrome

insufficient policy enforcement

google chrome

malicious extension

sensitive information

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

31.5%

JSON

Insufficient policy enforcement in Resource Timing in Google Chrome prior
to 111.0.5563.64 allowed an attacker who convinced a user to install a
malicious extension to obtain potentially sensitive information from API
via a crafted Chrome Extension. (Chromium security severity: Low)

Notes

Author	Note
alexmurray	The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur	starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 111.0.5563.64-0ubuntu0.18.04.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	chromium-browser	< 111.0.5563.64-0ubuntu0.18.04.5	UNKNOWN

References

chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html

crbug.com/1045681

launchpad.net/bugs/cve/CVE-2023-1233

nvd.nist.gov/vuln/detail/CVE-2023-1233

security-tracker.debian.org/tracker/CVE-2023-1233

ubuntu.com/security/notices/USN-5949-1

www.cve.org/CVERecord?id=CVE-2023-1233

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

31.5%

JSON

Related for UB:CVE-2023-1233