PT-2023-9326 · Google+2 · Google Chrome+2
Axel Chong
·
Publicado
2023-10-31
·
Atualizado
2024-12-26
·
CVE-2023-7011
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 119.0.6045.105
Description
The issue is related to the Picture in Picture technology in Google Chrome, where a remote attacker can exploit it to spoof the contents of the URL bar using a specially crafted HTML page. This can lead to the distortion of important information in the user interface.
Recommendations
For versions prior to 119.0.6045.105, update to version 119.0.6045.105 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Picture in Picture feature until a patch is applied. Avoid using specially crafted HTML pages that can exploit this issue.
Exploit
Correção
UI Misrepresentation of Critical Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Google Chrome
Red Os