CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1528
https://notcve.org/view.php?id=CVE-2023-1528
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html https://crbug.com/1421773 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN https://security.gentoo.org/glsa/202309-17 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1236
https://notcve.org/view.php?id=CVE-2023-1236
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html https://crbug.com/1374518 •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1235
https://notcve.org/view.php?id=CVE-2023-1235
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html https://crbug.com/1404704 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-1234
https://notcve.org/view.php?id=CVE-2023-1234
Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html https://crbug.com/1404621 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1233
https://notcve.org/view.php?id=CVE-2023-1233
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html https://crbug.com/1045681 •