Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-1813
HistoryApr 04, 2023 - 12:00 a.m.

CVE-2023-1813

2023-04-0400:00:00
ubuntu.com
ubuntu.com
11
google chrome
insecure implementation
file access restrictions
html page
chromium
ubuntu 19.10

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

48.6%

Inappropriate implementation in Extensions in Google Chrome prior to
112.0.5615.49 allowed an attacker who convinced a user to install a
malicious extension to bypass file access restrictions via a crafted HTML
page. (Chromium security severity: Medium)

Notes

Author Note
alexmurray The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 112.0.5615.49-0ubuntu0.18.04.1UNKNOWN

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

48.6%