CVE-2023-5855

2023-11-0118:15:10

Google

osv.dev

google chrome

use after free

remote attacker

heap corruption

reading mode

ui gestures

cve-2023-5855

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

CPENameOperatorVersion
chromiumeq109.0.5414.74-2
chromiumeq103.0.5060.53-1
chromiumeq108.0.5359.71-1
chromiumeq119.0.6045.199-1
chromiumeq116.0.5845.180-1
chromiumeq117.0.5938.62-1~deb11u1
chromiumeq83.0.4103.116-2
chromiumeq88.0.4324.182-1~deb10u1
chromiumeq99.0.4844.74-1~deb11u1
chromiumeq80.0.3987.162-1

Name	Operator	Version
chromium	eq	109.0.5414.74-2
chromium	eq	103.0.5060.53-1
chromium	eq	108.0.5359.71-1
chromium	eq	119.0.6045.199-1
chromium	eq	116.0.5845.180-1
chromium	eq	117.0.5938.62-1~deb11u1
chromium	eq	83.0.4103.116-2
chromium	eq	88.0.4324.182-1~deb10u1
chromium	eq	99.0.4844.74-1~deb11u1
chromium	eq	80.0.3987.162-1