CVE-2023-4369

Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 116.0.5845.120

Description The issue is related to insufficient data validation in Systems Extensions in Google Chrome on ChromeOS, which can be exploited by an attacker to bypass file restrictions via a crafted HTML page. This can occur if the attacker convinces a user to install a malicious extension. The estimated number of potentially affected devices and real-world incidents are not specified.

Recommendations For Google Chrome on ChromeOS versions prior to 116.0.5845.120, update to version 116.0.5845.120 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to minimize the risk of exploitation. Avoid using crafted HTML pages that could bypass file restrictions until the issue is resolved.