CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 7CVE-2023-4357
https://notcve.org/view.php?id=CVE-2023-4357
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) • https://github.com/OgulcanUnveren/CVE-2023-4357-APT-Style-exploitation https://github.com/lon5948/CVE-2023-4357-Exploitation https://github.com/passwa11/CVE-2023-4357-APT-Style-exploitation https://github.com/xcanwin/CVE-2023-4357-Chrome-XXE https://github.com/sunu11/chrome-CVE-2023-4357 https://github.com/CamillaFranceschini/CVE-2023-4357 https://github.com/WinnieZy/CVE-2023-4357 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/14 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4356
https://notcve.org/view.php?id=CVE-2023-4356
Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1449929 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5479 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4355 – Chrome Dangling FixedArray Pointers / Memory Corruption
https://notcve.org/view.php?id=CVE-2023-4355
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Chrome suffers from an issue with dangling FixedArray pointers in Torque that can lead to memory corruption. • http://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1468943 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/securit • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-4354 – Chrome SKIA Integer Overflow
https://notcve.org/view.php?id=CVE-2023-4354
Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) When deserializing an SkPath, there is some basic validation performed to ensure that the contents are consistent. This validation does not use safe integer types, or perform additional validation, so it's possible for a large path to overflow the point count, resulting in an unsafe SkPath object. • http://packetstormsecurity.com/files/174949/Chrome-SKIA-Integer-Overflow.html https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1464215 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5479 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4353
https://notcve.org/view.php?id=CVE-2023-4353
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1458046 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5479 • CWE-787: Out-of-bounds Write •