Lucene search

GoogleOSV:CVE-2023-4365

HistoryAug 15, 2023 - 6:15 p.m.

CVE-2023-4365

2023-08-1518:15:13

Google

osv.dev

google chrome

fullscreen

inappropriate implementation

security ui

remote attacker

crafted html page

cve-2023-4365

chromium

medium severity

software

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

References

chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

crbug.com/1431043

lists.fedoraproject.org/archives/list/[email protected]/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/

lists.fedoraproject.org/archives/list/[email protected]/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5479

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Related for OSV:CVE-2023-4365