PT-2023-1505 · Google+2 · Google Chrome+2

Ahmed Elmasry

·

Published

2023-02-07

·

Updated

2024-06-15

·

CVE-2023-0697

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 110.0.5481.77
Description The issue is related to the implementation of full screen mode in Google Chrome, specifically concerning errors in data type mixing. This can be exploited by a remote attacker using a specially crafted HTML page to alter the user interface content. The attacker can spoof the security UI, potentially deceiving users.
Recommendations For versions prior to 110.0.5481.77, update to version 110.0.5481.77 or later to resolve the issue. As a temporary workaround, consider restricting the use of full screen mode until the update is applied.

Fix

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-358

Related Identifiers

ALT-PU-2023-1233
ALT-PU-2023-1245
ALT-PU-2023-1410
ALT-PU-2023-1462
ALT-PU-2023-1603
ALT-PU-2023-1671
BDU:2023-00930
CVE-2023-0697
DSA-5345-1
OPENSUSE-SU-2023:0045-1
OPENSUSE-SU-2023:0063-1
OPENSUSE-SU-2023:0115-1
OPENSUSE-SU-2023_0063-1
OPENSUSE-SU-2023_0115-1
OPENSUSE-SU-2024:12675-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Google Chrome
Suse