GoogleOSV:CVE-2023-4900

HistorySep 12, 2023 - 9:15 p.m.

CVE-2023-4900

2023-09-1221:15:08

Google

osv.dev

google chrome

custom tabs

android

remote attacker

html page

vulnerability

medium severity

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

Low

EPSS

0.001

Percentile

50.6%

JSON

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)

References

chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html

crbug.com/1430867

lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/

lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/

lists.fedoraproject.org/archives/list/[email protected]/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5499

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

5.2

Confidence

Low

EPSS

0.001

Percentile

50.6%

JSON

Related for OSV:CVE-2023-4900