CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile: 97.9%
Google is aware that an exploit for CVE-2023-4863 exists in the wild.
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Updated
There is another related security vulnerability.
> There’s another related CVE (CVE-2023-5217) that is fixed in Chromium 117.0.5938.132. This one is triggered by WebCodecs API encoder usage, so a workaround for older versions is to disable the WebCodecs API (--disable-blink-features=WebCodecs).
As per https://magpcss.org/ceforum/viewtopic.php?f=6&t=19551#p54150
Vendor | Product | Version | CPE |
---|---|---|---|
* | cefsharp.common.netcore | * | cpe:2.3:a:*:cefsharp.common.netcore:*:*:*:*:*:*:*:* |
* | cefsharp.common | * | cpe:2.3:a:*:cefsharp.common:*:*:*:*:*:*:*:* |