PT-2022-6431 · Google · Google Chrome For Android
Ahmed Elmasry · Published 2022-12-07 · Updated 2024-11-29 · CVE-2023-1223
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Google Chrome for Android versions prior to 111.0.5563.64
Description
The issue is related to insufficient policy enforcement in the Autofill function of Google Chrome for Android. This can be exploited by a remote attacker using a specially crafted HTML page to gain unauthorized access to protected information, potentially leaking cross-origin data.
Recommendations
Update Google Chrome for Android to version 111.0.5563.64 or later to resolve the issue. As a temporary workaround, consider disabling the Autofill function until the update is installed. Restrict access to sensitive information when using Google Chrome for Android on affected versions to minimize the risk of exploitation.
Affected Products
Alt Linux
Google Chrome For Android
Suse