CVE-2023-7011 — Vulnetix

CVE-2023-7011 PUBLISHED CVSS 6.5 MEDIUM

Inappropriate implementation in Picture in Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

EPSS 0.21% · 43.1th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Score

0.21%

43.1th percentile

Affected Products

Vendor	Product	Versions
google	chrome	0
google	chrome	0
Google	Chrome	119.0.6045.105

Timeline

Jul 16, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 8, 2024 EPSS Score
Aug 29, 2024 EPSS Score
Sep 20, 2024 EPSS Score
Oct 12, 2024 EPSS Score
Nov 3, 2024 EPSS Score
Nov 24, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 8, 2025 EPSS Score
Jan 30, 2025 EPSS Score

References

https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html url
https://issues.chromium.org/issues/40066780 url
https://nvd.nist.gov/vuln/detail/CVE-2023-7011 advisory

Open in Interactive Console →