VDB
CVE-2023-5485
CVE-2023-5485
PUBLISHED
In Google Chrome und Microsoft Edge existieren mehrere Schwachstellen. Die Fehler bestehen in den Komponenten Site Isolation, Fullscreen, Navigation, DevTools, Intents, Downloads, Blink History, PDF, Extensions API, Autofill, Installer, Input und Cast aufgrund mehrerer ungeeigneter Implementierungen, mehrerer Use-after-free-Fehler und eines Heap-Pufferüberlaufs. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand zu verursachen. Für eine erfolgreiche Ausnutzung muss der Benutzer eine speziell gestaltete Webseite besuchen.
EPSS 0.05% · 17.2th percentile
Risk Scores
EPSS Score
0.05%
17.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google Chrome Stable Channel <118.0.5993.71 | ||
| Google Chrome Extended Stable Channel <118.0.5993.71 | ||
| Oracle | Oracle Linux | |
| Google Chrome Extended Stable Channel <118.0.5993.70 | ||
| Gentoo | Gentoo Linux | |
| Google Chrome Stable Channel <118.0.5993.70 | ||
| Microsoft | Microsoft Edge | |
| Debian | Debian Linux | |
| IGEL | IGEL OS | |
| Fedora | Fedora Linux | |
| Microsoft | Microsoft Edge <118.0.2088.46 |
Exploit Intelligence
- CIRCL seen: CVE-2023-5485 (circl-sighting)
- https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html (circl)
- https://crbug.com/1395164 (circl)
- https://www.debian.org/security/2023/dsa-5526 (circl)
- https://security.gentoo.org/glsa/202311-11 (circl)
- https://security.gentoo.org/glsa/202312-07 (circl)
- https://security.gentoo.org/glsa/202401-34 (circl)
Timeline
- Oct 10, 2023 CVE Published
- Oct 12, 2023 EPSS Score
- Nov 12, 2023 EPSS Score
- Dec 14, 2023 EPSS Score
- Jan 14, 2024 EPSS Score
- Feb 15, 2024 EPSS Score
- Apr 17, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 19, 2024 EPSS Score
- Jul 20, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Sep 21, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2630.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2630 advisory
- https://security.gentoo.org/glsa/202401-34 advisory
- https://security.gentoo.org/glsa/202402-05 advisory
- https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html advisory
- https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-11ac66e61e advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-1c6a20aa0a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-8c9fd2a001 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2e7253946a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c730ef027d advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-53a7bc5700 advisory
- https://www.debian.org/security/2023/dsa-5526 advisory
- https://kb.igel.com/securitysafety/en/isn-2023-24-chromium-vulnerability-101065821.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-649469c298 advisory
- https://security.gentoo.org/glsa/202311-11 advisory
- https://linux.oracle.com/errata/ELSA-2024-8800.html advisory
- https://linux.oracle.com/errata/ELSA-2024-9548.html advisory