CVE-2023-4860 — Vulnetix

CVE-2023-4860 PUBLISHED CVSS 9.600000381469727 CRITICAL

Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

EPSS 0.35% · 57.6th percentile

Risk Scores

CVSS v3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.35%

57.6th percentile

Affected Products

Vendor	Product	Versions
google	chrome	0
Google	Chrome	115.0.5790.98
google	chrome	0

Timeline

Jul 16, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 8, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Sep 20, 2024 EPSS Score
Oct 12, 2024 EPSS Score
Nov 3, 2024 EPSS Score
Nov 24, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 8, 2025 EPSS Score
Jan 30, 2025 EPSS Score

References

https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html url
https://issues.chromium.org/issues/40064341 url
https://nvd.nist.gov/vuln/detail/CVE-2023-4860 advisory

Open in Interactive Console →