VDB
CVE-2023-6112
CVE-2023-6112
PUBLISHED
In Google Chrome und Microsoft Edge bestehen mehrere Schwachstellen aufgrund von Use-after-free-Fehlern, die derzeit noch nicht im Detail beschrieben und veröffentlicht wurden. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.
EPSS 28.19% · 96.6th percentile
Risk Scores
EPSS Score
28.19%
96.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Gentoo Linux | |
| Debian | Debian Linux | |
| Fedora | Fedora Linux |
Exploit Intelligence
- https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html (circl)
- https://crbug.com/1499298 (circl)
- https://www.debian.org/security/2023/dsa-5556 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/ (circl)
- https://security.gentoo.org/glsa/202311-11 (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/ (circl)
- https://security.gentoo.org/glsa/202312-07 (circl)
- http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html (circl)
- https://security.gentoo.org/glsa/202401-34 (circl)
Timeline
- Jan 21, 1970 Distribution Patch
- Jan 21, 1970 Security Advisory
- Jan 21, 1970 Security Advisory
- Jan 21, 1970 Security Advisory
- Jan 21, 1970 Security Advisory
- Nov 14, 2023 CVE Published
- Nov 16, 2023 EPSS Score
- Jan 15, 2024 EPSS Score
- Feb 15, 2024 EPSS Score
- Feb 18, 2024 CVE Updated
- Apr 15, 2024 EPSS Score
- Jun 14, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2899.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2899 advisory
- http://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html advisory
- https://lists.debian.org/debian-security-announce/2023/msg00252.html advisory
- https://msrc.microsoft.com/update-guide advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7e5dc8aef7 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-03f6b44faf advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-9425bb0115 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4a01799793 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-442c049c3c advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-5b46676afa advisory
- https://security.gentoo.org/glsa/202311-11 advisory
- https://security.gentoo.org/glsa/202401-34 advisory
- https://security.gentoo.org/glsa/202402-14 advisory