PT-2023-4178 · Google+3 · Google Chrome+3

Derin Eryilmaz

·

Publicado

2023-07-04

·

Atualizado

2024-11-29

·

CVE-2023-4078

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 115.0.5790.170
Description The issue is related to an inappropriate implementation in the Extensions component of Google Chrome, which could allow an attacker to inject scripts or HTML into a privileged page via a crafted Chrome Extension. This could be achieved if the attacker convinces a user to install a malicious extension. The vulnerability is associated with incorrectly implemented security checks for standard elements, potentially enabling a remote attacker to conduct cross-site scripting attacks by loading a special extension.
Recommendations For Google Chrome versions prior to 115.0.5790.170, update to version 115.0.5790.170 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update is applied.

Exploit

Correção

Improperly Implemented Security Check for Standard

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-358

Identificadores relacionados

ALT-PU-2023-5067
ALT-PU-2023-5296
ALT-PU-2023-5790
ALT-PU-2023-6281
ALT-PU-2023-6350
ALT-PU-2023-6351
ALT-PU-2023-6567
ALT-PU-2024-14286
ALT-PU-2024-14830
BDU:2023-04491
CVE-2023-4078
DSA-5467-1
OPENSUSE-SU-2023:0216-1
OPENSUSE-SU-2023:0251-1
OPENSUSE-SU-2023_0251-1
OPENSUSE-SU-2024:13092-1
OPENSUSE-SU-2024:13102-1

Produtos afetados

Alt Linux
Astra Linux
Google Chrome
Suse