CVE-2023-0139 — Improper Input Validation in Google Chrome
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 77.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 10
Description
Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6