VDB
CVE-2023-3215
CVE-2023-3215
PUBLISHED
Es existieren mehrere Schwachstellen in Google Chrome und Microsoft Edge, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Dabei handelt es sich um Use after free Probleme in "Autofill payments", "WebXR" und "WebRTC", sowie eine Type Confusion in V8. Ein Angreifer kann dies ausnutzen, um nicht spezifizierte Auswirkungen zu erlangen und möglicherweise beliebigen Code auszuführen. Ein erfolgreiches Ausnutzen erfordert eine Benutzerinteraktion.
EPSS 18.39% · 95.4th percentile
Risk Scores
EPSS Score
18.39%
95.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora | Fedora Linux | |
| Microsoft | Microsoft Edge < 114.0.1823.51 | |
| Debian | Debian Linux | |
| Microsoft | Microsoft Edge | |
| Gentoo | Gentoo Linux |
Exploit Intelligence
- CIRCL seen: CVE-2023-3215 (circl-sighting)
- https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html (circl)
- https://crbug.com/1446274 (circl)
- https://www.debian.org/security/2023/dsa-5428 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/ (circl)
- https://security.gentoo.org/glsa/202311-11 (circl)
- https://security.gentoo.org/glsa/202401-34 (circl)
Timeline
- Jun 13, 2023 CVE Published
- Jun 14, 2023 EPSS Score
- Jun 15, 2023 PoC Published
- Jul 20, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 3, 2023 EPSS Score
- Jan 13, 2024 EPSS Score
- Feb 18, 2024 EPSS Score
- Apr 29, 2024 EPSS Score
- Jun 4, 2024 EPSS Score
- Aug 14, 2024 EPSS Score
- Sep 18, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1452.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1452 advisory
- https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#june-13-2023 advisory
- https://lists.debian.org/debian-security-announce/2023/msg00119.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-1b99669138 advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#june-15-2023 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-5f35718d4c advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3947e434d2 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1fa35650e4 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8f0f0d103a advisory
- https://security.gentoo.org/glsa/202311-11 advisory
- https://security.gentoo.org/glsa/202401-34 advisory