CVE-2023-7012 — Vulnetix

CVE-2023-7012 PUBLISHED CVSS 9.600000381469727 CRITICAL

Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)

EPSS 0.05% · 17.3th percentile

Risk Scores

CVSS v3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.05%

17.3th percentile

Affected Products

Vendor	Product	Versions
google	chrome	0
google	chrome	0
Google	Chrome	117.0.5938.62

Timeline

Jul 16, 2024 CVE Published
Jul 17, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 7, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 10, 2024 EPSS Score
Oct 31, 2024 EPSS Score
Nov 21, 2024 EPSS Score
Dec 13, 2024 EPSS Score
Jan 4, 2025 EPSS Score
Jan 25, 2025 EPSS Score

References

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html url
https://issues.chromium.org/issues/40061509 url
https://nvd.nist.gov/vuln/detail/CVE-2023-7012 advisory

Open in Interactive Console →