Lucene search

GoogleOSV:CVE-2023-2462

HistoryMay 03, 2023 - 12:15 a.m.

CVE-2023-2462

2023-05-0300:15:09

Google

osv.dev

google chrome

prompts

inappropriate implementation

remote attacker

html page

chromium

medium severity

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium)

References

chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html

crbug.com/1375133

lists.fedoraproject.org/archives/list/[email protected]/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY/

lists.fedoraproject.org/archives/list/[email protected]/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/

lists.fedoraproject.org/archives/list/[email protected]/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/

security.gentoo.org/glsa/202309-17

www.debian.org/security/2023/dsa-5398

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

70.4%

JSON

Related for OSV:CVE-2023-2462