PT-2023-7684 · Google+4 · Google Chrome+4

R0Ng

Published

2023-11-09

Updated

2024-11-29

CVE-2023-6706

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 120.0.6099.109

Description The issue is related to a use after free in the FedCM component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could be achieved if the attacker convinces a user to engage in specific UI interaction. The exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service using a specially crafted malicious web page.

Recommendations For versions prior to 120.0.6099.109, update to version 120.0.6099.109 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2023-8110

ALT-PU-2023-8370

ALT-PU-2024-10294

ALT-PU-2024-14286

ALT-PU-2024-14830

BDU:2023-08751

CVE-2023-6706

DSA-5577-1

MGASA-2023-0355

OPENSUSE-SU-2024:0001-1

OPENSUSE-SU-2024:0002-1

OPENSUSE-SU-2024:0020-1

OPENSUSE-SU-2024:13583-1

OPENSUSE-SU-2024:13585-1

OPENSUSE-SU-2024_0001-1

OPENSUSE-SU-2024_0002-1

Affected Products

Alt Linux

Astra Linux

Google Chrome

Red Os

Suse

PT-2023-7684 · Google+4 · Google Chrome+4

CVE-2023-6706

Weakness Enumeration

Related Identifiers

Affected Products

References · 86