Lucene search

K

Veracode Vulnerability DatabaseVERACODE:43892

HistoryOct 19, 2023 - 6:09 a.m.

Use After Free

2023-10-1906:09:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

chromium

use after free

vulnerability

site isolation

arbitrary code

software

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.5%

chromium is vulnerable to Use After Free. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. The malicious website would contain specially crafted HTML code that would trigger the use-after-free vulnerability in Site Isolation. Once the vulnerability is triggered, the attacker could execute arbitrary code on the user’s computer.

References

chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

crbug.com/1487110

lists.fedoraproject.org/archives/list/[email protected]/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/

lists.fedoraproject.org/archives/list/[email protected]/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/

security-tracker.debian.org/tracker/CVE-2023-5218

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202312-07

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5526

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.5%

Related for VERACODE:43892

debiancve1 cve1 osv2 prion1 nessus17 mscve1 nvd1 cvelist1 freebsd2 ubuntucve1 alpinelinux1 openvas11 debian1 kaspersky2 mageia1 fedora3 chrome1 redos1 photon2 gentoo3