Veracode Vulnerability DatabaseVERACODE:44118

HistoryNov 02, 2023 - 6:39 p.m.

Remote Code Execution (RCE)

2023-11-0218:39:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote code execution

chromium

vulnerability

downloads

security ui

malicious attacker

crafted html page

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

chromium is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the incorrect security UI in Downloads, which allows a remote malicious attacker to obfuscate security UI via a crafted HTML page.

References

chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html

crbug.com/1456876

lists.fedoraproject.org/archives/list/[email protected]/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2/

lists.fedoraproject.org/archives/list/[email protected]/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H/

lists.fedoraproject.org/archives/list/[email protected]/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V/

security-tracker.debian.org/tracker/CVE-2023-5853

security.gentoo.org/glsa/202311-11

security.gentoo.org/glsa/202312-07

security.gentoo.org/glsa/202401-34

www.debian.org/security/2023/dsa-5546

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

60.8%

JSON

Related for VERACODE:44118