PT-2023-25899 · Google · Google Chrome
Chaobin Zhang
·
Published
2023-08-01
·
Updated
2023-08-15
·
CVE-2023-3731
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Google Chrome on ChromeOS versions prior to 115.0.5790.131
Description
The issue allows an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. This can occur due to a use after free in Diagnostics.
Recommendations
For versions prior to 115.0.5790.131, update to version 115.0.5790.131 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources until the update is applied.
Exploit
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome