CVE-2023-4357 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4357
15 Aug 2023 — Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://github.com/OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation • CWE-20: Improper Input Validation •
CVE-2023-4356 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4356
15 Aug 2023 — Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •
CVE-2023-4355 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4355
15 Aug 2023 — Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://packetstorm.news/files/id/174950 • CWE-787: Out-of-bounds Write •
CVE-2023-4354 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4354
15 Aug 2023 — Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) When deserializing an SkPath, there is some basic validation performed to ensure that the contents are consistent. This validation does not use safe integer types, or perform additional validation, so it's possible for a large path to overflow the point count, resulting in an ... • https://packetstorm.news/files/id/174949 • CWE-787: Out-of-bounds Write •
CVE-2023-4353 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4353
15 Aug 2023 — Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html • CWE-787: Out-of-bounds Write •
CVE-2023-4352 – Chrome Read-Only Property Overwrite
https://notcve.org/view.php?id=CVE-2023-4352
15 Aug 2023 — Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of w... • https://packetstorm.news/files/id/174669 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2023-4351 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4351
15 Aug 2023 — Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •
CVE-2023-4350 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4350
15 Aug 2023 — Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html •
CVE-2023-4349 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-4349
15 Aug 2023 — Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •
CVE-2023-2312 – Debian Security Advisory 5479-1
https://notcve.org/view.php?id=CVE-2023-2312
15 Aug 2023 — Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •