CVE-2023-4764
PUBLISHED
Multiple vulnerabilities exist in Google Chrome / Microsoft Edge. These flaws exist in the FedCM, V8, Networks and BFCache components due to an out-of-bounds memory access, a type confusion, a use after free and an incorrect security UI. A remote attacker can exploit these vulnerabilities to execute arbitrary code and conduct cross-site scripting (XSS) attacks. Successful exploitation requires user interaction.
Risk Scores
- EPSS Score: 0.14% (33.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Gentoo Linux | |
| Debian | Debian Linux | |
| Fedora | Fedora Linux | |
Exploit Intelligence
- https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html (circl)
- https://crbug.com/1476403 (circl)
- https://www.debian.org/security/2023/dsa-5491 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/ (circl)
- https://security.gentoo.org/glsa/202311-11 (circl)
- https://security.gentoo.org/glsa/202312-07 (circl)
- https://security.gentoo.org/glsa/202401-34 (circl)
- https://www.cisa.gov/news-events/alerts/2024/02/06/cisa-adds-one-known-exploited-vulnerability-catalog (certbund)
Timeline
- Sep 5, 2023 CVE Published
- Sep 6, 2023 EPSS Score
- Oct 9, 2023 EPSS Score
- Nov 10, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 16, 2024 EPSS Score
- Mar 20, 2024 EPSS Score
- Apr 21, 2024 EPSS Score
- Jun 26, 2024 EPSS Score
- Jul 28, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2267.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2267 advisory
- http://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#september-7-2023 advisory
- https://lists.debian.org/debian-security-announce/2023/msg00183.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e9ce7bf135 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-d79ff22c5b advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3efeaee7e4 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4cc86adbd2 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb44efc398 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e441f3098 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a6fd7a504 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-509640a8a6 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-32fa4259f4 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9d0dbed062 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-788f9bbb3f advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ea08732e6a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c66924cb92 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-d58a84dda8 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-54433bc31f advisory
…and 13 more