PT-2023-4178 · Google+3 · Google Chrome+3

Derin Eryilmaz

·

Published

2023-07-04

·

Updated

2024-11-29

·

CVE-2023-4078

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 115.0.5790.170
Description The issue is related to an inappropriate implementation in the Extensions component of Google Chrome, which could allow an attacker to inject scripts or HTML into a privileged page via a crafted Chrome Extension. This could be achieved if the attacker convinces a user to install a malicious extension. The vulnerability is associated with incorrectly implemented security checks for standard elements, potentially enabling a remote attacker to conduct cross-site scripting attacks by loading a special extension.
Recommendations For Google Chrome versions prior to 115.0.5790.170, update to version 115.0.5790.170 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to only trusted sources until the update is applied.

Exploit

Fix

Improperly Implemented Security Check for Standard

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-358

Related Identifiers

ALT-PU-2023-5067
ALT-PU-2023-5296
ALT-PU-2023-5790
ALT-PU-2023-6281
ALT-PU-2023-6350
ALT-PU-2023-6351
ALT-PU-2023-6567
ALT-PU-2024-14286
ALT-PU-2024-14830
BDU:2023-04491
CVE-2023-4078
DSA-5467-1
OPENSUSE-SU-2023:0216-1
OPENSUSE-SU-2023:0251-1
OPENSUSE-SU-2023_0251-1
OPENSUSE-SU-2024:13092-1
OPENSUSE-SU-2024:13102-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse