PT-2023-25899 · Google · Google Chrome
Chaobin Zhang
·
Publicado
2023-08-01
·
Atualizado
2023-08-15
·
CVE-2023-3731
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Google Chrome on ChromeOS versions prior to 115.0.5790.131
Description
The issue allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. This can occur due to a use after free in Diagnostics.
Recommendations
For versions prior to 115.0.5790.131, update to version 115.0.5790.131 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources until the update is applied.
Exploit
Correção
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Google Chrome