PT-2023-9326 · Google+2 · Google Chrome+2
Axel Chong
·
Published
2023-10-31
·
Updated
2024-12-26
·
CVE-2023-7011
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 119.0.6045.105
Description
The issue is related to the Picture in Picture technology in Google Chrome, where a remote attacker can exploit it to spoof the contents of the URL bar using a specially crafted HTML page. This can lead to the distortion of important information in the user interface.
Recommendations
For versions prior to 119.0.6045.105, update to version 119.0.6045.105 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Picture in Picture feature until a patch is applied. Avoid using specially crafted HTML pages that can exploit this issue.
Exploit
Fix
UI Misrepresentation of Critical Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Google Chrome
Red Os