Veracode Vulnerability DatabaseVERACODE:39847

HistoryMar 18, 2023 - 1:47 p.m.

Authentication Bypass

2023-03-1813:47:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

authentication bypass

google chrome

vulnerability

extensions api

policy enforcement

attacker

navigation restrictions

crafted chrome extension

0.001 Low

EPSS

Percentile

33.2%

JSON

Google Chrome is vulnerable to Authentication Bypass. The vulnerability exists due to the insufficient policy enforcement in Extensions API, which allows an attacker to bypass navigation restrictions via a crafted Chrome Extension.

CPENameOperatorVersion
chromium:sideq88.0.4324.182-1
chromium:sideq83.0.4103.116-3.1
chromium:bullseyeeq83.0.4103.116-3.1
chromium:sideq88.0.4324.182-1
chromium:sideq83.0.4103.116-3.1
chromium:bullseyeeq83.0.4103.116-3.1

Name	Operator	Version
chromium:sid	eq	88.0.4324.182-1
chromium:sid	eq	83.0.4103.116-3.1
chromium:bullseye	eq	83.0.4103.116-3.1
chromium:sid	eq	88.0.4324.182-1
chromium:sid	eq	83.0.4103.116-3.1
chromium:bullseye	eq	83.0.4103.116-3.1

References

chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html

crbug.com/1385343

security-tracker.debian.org/tracker/CVE-2023-1221

Authentication Bypass

References

Related