Vulnerability-Lookup

CVE-2023-4427 (GCVE-0-2023-4427)

Vulnerability from cvelistv5 – Published: 2023-08-22 23:56 – Updated: 2025-02-13 17:13

Summary

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

Out of bounds memory access

Assigner

Chrome

References

8 references

URL	Tags
https://chromereleases.googleblog.com/2023/08/chr…
https://crbug.com/1470668
https://www.debian.org/security/2023/dsa-5483
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
http://packetstormsecurity.com/files/174951/Chrom…
https://security.gentoo.org/glsa/202401-34

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 116.0.5845.110 , < 116.0.5845.110 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crbug.com/1470668"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5483"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-34"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-01T19:45:12.242654Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T19:45:22.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "116.0.5845.110",
              "status": "affected",
              "version": "116.0.5845.110",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out of bounds memory access",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-31T17:06:25.933Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html"
        },
        {
          "url": "https://crbug.com/1470668"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5483"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"
        },
        {
          "url": "http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html"
        },
        {
          "url": "https://security.gentoo.org/glsa/202401-34"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2023-4427",
    "datePublished": "2023-08-22T23:56:13.616Z",
    "dateReserved": "2023-08-18T20:47:34.662Z",
    "dateUpdated": "2025-02-13T17:13:35.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-4427",
      "date": "2026-06-05",
      "epss": "0.83601",
      "percentile": "0.99301"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4427\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2023-08-23T00:15:09.073\",\"lastModified\":\"2024-11-21T08:35:07.510\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"El acceso a memoria fuera de los l\u00edmites en V8 en Google Chrome anterior a 116.0.5845.110 permit\u00eda a un atacante remoto realizar una lectura de memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"116.0.5845.110\",\"matchCriteriaId\":\"1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1470668\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-34\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5483\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1470668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5483\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://crbug.com/1470668\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5483\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-34\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:24:04.792Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4427\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-01T19:45:12.242654Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-01T19:45:18.428Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"116.0.5845.110\", \"lessThan\": \"116.0.5845.110\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html\"}, {\"url\": \"https://crbug.com/1470668\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5483\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/\"}, {\"url\": \"http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-34\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Out of bounds memory access\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2023-08-22T23:56:13.616Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4427\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-01T19:45:22.216Z\", \"dateReserved\": \"2023-08-18T20:47:34.662Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2023-08-22T23:56:13.616Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2023-2108

Vulnerability from csaf_certbund - Published: 2023-08-22 22:00 - Updated: 2024-01-31 23:00

Summary

Google Chrome und Microsoft Edge: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Chrome ist ein Internet-Browser von Google.

Angriff: Ein entfernter anonymer Angreifer kann eine Schwachstelle in Google Chrome und Microsoft Edge ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, beliebigen Code auszuführen oder vertrauliche Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2023-4431

In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten "Vulcan", "Loader", "V8", "Fonts" und "CSS" aufgrund von "use after free" und "out of bounds" Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service Zustand herbeizuführen, beliebigen Code auszuführen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert Benutzerinteraktion.

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Microsoft Edge Microsoft / Edge	`cpe:/a:microsoft:edge:::chromium-based`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-4430

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Microsoft Edge Microsoft / Edge	`cpe:/a:microsoft:edge:::chromium-based`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-4429

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Microsoft Edge Microsoft / Edge	`cpe:/a:microsoft:edge:::chromium-based`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-4428

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Microsoft Edge Microsoft / Edge	`cpe:/a:microsoft:edge:::chromium-based`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2023-4427

Affected products

Known affected 4 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
Microsoft Edge Microsoft / Edge	`cpe:/a:microsoft:edge:::chromium-based`	—
Gentoo Linux Gentoo	`cpe:/o:gentoo:linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

32 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://chromereleases.googleblog.com/2023/08/chr…	external
https://learn.microsoft.com/en-us/deployedge/micr…	external
https://lists.debian.org/debian-security-announce…	external
https://learn.microsoft.com/en-us/deployedge/micr…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://security.gentoo.org/glsa/202401-34	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Chrome ist ein Internet-Browser von Google.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer Angreifer kann eine Schwachstelle in Google Chrome und Microsoft Edge ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2108 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2108.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2108 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2108"
      },
      {
        "category": "external",
        "summary": "Google Chrome Desktop Stable Update vom 2023-08-22",
        "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates vom 2023-08-23",
        "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5483 vom 2023-08-25",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00175.html"
      },
      {
        "category": "external",
        "summary": "Release notes for Microsoft Edge Security Updates",
        "url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-D79FF22C5B vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d79ff22c5b"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-1E441F3098 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e441f3098"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-EB44EFC398 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb44efc398"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-4CC86ADBD2 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4cc86adbd2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-E9CE7BF135 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e9ce7bf135"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-3EFEAEE7E4 vom 2023-09-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3efeaee7e4"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-509640A8A6 vom 2023-09-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9D0DBED062 vom 2023-09-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9d0dbed062"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-788F9BBB3F vom 2023-09-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-788f9bbb3f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9A6FD7A504 vom 2023-09-13",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-3BFB63F6D2 vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-54433BC31F vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-C66924CB92 vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-D58A84DDA8 vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EA08732E6A vom 2023-09-17",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-79B0154754 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-79b0154754"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-0DF1F37A48 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0df1f37a48"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-05DC047BF8 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-05dc047bf8"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-B427F54E68 vom 2023-09-18",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b427f54e68"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-981E9F53FF vom 2023-09-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-9ABC3565B5 vom 2023-09-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-09CC239FE3 vom 2023-09-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-EDC9C74369 vom 2023-09-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-edc9c74369"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-8F3E1B6F78 vom 2023-09-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f3e1b6f78"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2023-CCA1F87440 vom 2023-09-30",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-cca1f87440"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202401-34 vom 2024-01-31",
        "url": "https://security.gentoo.org/glsa/202401-34"
      }
    ],
    "source_lang": "en-US",
    "title": "Google Chrome und Microsoft Edge: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-01-31T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:57:17.443+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2108",
      "initial_release_date": "2023-08-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-08-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Microsoft Edge auch betroffen, noch kein Patch verf\u00fcgbar"
        },
        {
          "date": "2023-08-27T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2023-09-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-13T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-17T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-18T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-09-24T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2023-10-01T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-01-31T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Gentoo aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Google Chrome \u003c 116.0.5845.110",
                "product": {
                  "name": "Google Chrome \u003c 116.0.5845.110",
                  "product_id": "T029454",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:116.0.5845.110"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Google Chrome \u003c 116.0.5845.111",
                "product": {
                  "name": "Google Chrome \u003c 116.0.5845.111",
                  "product_id": "T029455",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:google:chrome:116.0.5845.111"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Chrome"
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Edge",
                "product": {
                  "name": "Microsoft Edge",
                  "product_id": "T015801",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:edge:::chromium-based"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Edge \u003c 116.0.1938.62",
                "product": {
                  "name": "Microsoft Edge \u003c 116.0.1938.62",
                  "product_id": "T029565",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:edge:116.0.1938.62"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Edge"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-4431",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Vulcan\", \"Loader\", \"V8\", \"Fonts\" und \"CSS\" aufgrund von \"use after free\" und \"out of bounds\" Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T015801",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-08-22T22:00:00.000+00:00",
      "title": "CVE-2023-4431"
    },
    {
      "cve": "CVE-2023-4430",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Vulcan\", \"Loader\", \"V8\", \"Fonts\" und \"CSS\" aufgrund von \"use after free\" und \"out of bounds\" Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T015801",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-08-22T22:00:00.000+00:00",
      "title": "CVE-2023-4430"
    },
    {
      "cve": "CVE-2023-4429",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Vulcan\", \"Loader\", \"V8\", \"Fonts\" und \"CSS\" aufgrund von \"use after free\" und \"out of bounds\" Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T015801",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-08-22T22:00:00.000+00:00",
      "title": "CVE-2023-4429"
    },
    {
      "cve": "CVE-2023-4428",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Vulcan\", \"Loader\", \"V8\", \"Fonts\" und \"CSS\" aufgrund von \"use after free\" und \"out of bounds\" Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T015801",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-08-22T22:00:00.000+00:00",
      "title": "CVE-2023-4428"
    },
    {
      "cve": "CVE-2023-4427",
      "notes": [
        {
          "category": "description",
          "text": "In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Vulcan\", \"Loader\", \"V8\", \"Fonts\" und \"CSS\" aufgrund von \"use after free\" und \"out of bounds\" Speicherzugriffen. Ein Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service Zustand herbeizuf\u00fchren, beliebigen Code auszuf\u00fchren oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T015801",
          "T012167",
          "74185"
        ]
      },
      "release_date": "2023-08-22T22:00:00.000+00:00",
      "title": "CVE-2023-4427"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-4427 (GCVE-0-2023-4427)

WID-SEC-W-2023-2108

Tags

Sightings

Nomenclature