VDB
DEBIAN-CVE-2023-4357
PUBLISHED
CVSS 8.8 HIGH
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Risk Scores
CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | chromium | 110.0.5481.77-1, *, 109.0.5414.119-1 |
| Debian:13 | chromium | 0, 0, 0 |
| Debian:14 | chromium | 0, 0, 0 |
| Debian:12 | chromium | 114.0.5735.198-1~deb11u1, 114.0.5735.198-1~deb12u1, 114.0.5735.90-1 |
Exploit Intelligence
- Network Security Project (github-poc-repo)
- CamillaFranceschini/CVE-2023-4357 (github-poc-repo)
- [Vulnerability reproduction] The world's first single-file exploit (EXP) for the CVE-2023-4357 Chrome XXE vulnerability, enabling theft of visitors' local files. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors. (github-poc-repo)
- CamillaFranceschini/CVE-2023-4357 (github-poc)
- Network Security Project (github-poc)
- WinnieZy/CVE-2023-4357 (github-poc)
- poc (github-poc)
- passwa11/CVE-2023-4357-APT-Style-exploitation (github-poc)
- [Vulnerability reproduction] The world's first single-file exploit (EXP) for the CVE-2023-4357 Chrome XXE vulnerability, enabling theft of visitors' local files. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors. (github-poc)
Timeline
- Aug 15, 2023 CVE Published
- Apr 28, 2026 CVE Updated