Lucene search
ChromeCVE-2023-0139HistoryJan 10, 2023 - 8:15 p.m.
CVE-2023-0139
2023-01-1020:15:11
CWE-20
Chrome
web.nvd.nist.gov
84
cve-2023-0139
insufficient validation
untrusted input
downloads
google chrome
windows
bypass
download restrictions
crafted html page
chromium security
low
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
5.8
Confidence
High
EPSS
0.001
Percentile
50.2%
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
Affected configurations
Node
googlechromeRange<109.0.5414.74
microsoftwindowsMatch-
CNA Affected
[
{
"vendor": "Google",
"product": "Chrome",
"versions": [
{
"version": "unspecified",
"lessThan": "109.0.5414.74",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Insufficient Validation
2023-03-12 22:34:06
mscve
mscve
prion
prion
Input validation
2023-01-10 20:15:00
cvelist
cvelist
CVE-2023-0139
2023-01-10 00:00:00
nvd
nvd
CVE-2023-0139
2023-01-10 20:15:11
debiancve
debiancve
CVE-2023-0139
2023-01-10 20:15:11
cnvd
cnvd
Google Chrome Input Validation Error Vulnerability (CNVD-2023-12024)
2023-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2023-0139
2023-01-10 00:00:00
osv
osv
CVE-2023-0139
2023-01-10 20:15:11
chromium - security update
2023-01-13 00:00:00
chromedriver-109.0.5414.74-1.1 on GA media
2024-06-15 00:00:00
nessus
nessus
openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0016-1)
2023-01-13 00:00:00
Google Chrome < 109.0.5414.74 Multiple Vulnerabilities
2023-01-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5317-1)
2023-01-15 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2023-01-10 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerability
2023-01-24 10:58:25
debian
debian
[SECURITY] [DSA 5317-1] chromium security update
2023-01-13 19:18:06
kaspersky
kaspersky
KLA20163 Multiple vulnerabilities in Microsoft Browser
2023-01-12 00:00:00
KLA20150 Multiple vulnerabilities in Google Chrome
2023-01-10 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-01-10 00:00:00
altlinux
altlinux
gentoo
gentoo
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
2023-05-03 00:00:00
QtWebEngine: Multiple Vulnerabilities
2023-11-25 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
5.8
Confidence
High
EPSS
0.001
Percentile
50.2%
Related for CVE-2023-0139