CVE-2023-0141Protection Mechanism Failure in Google Chrome

CWE-693Protection Mechanism Failure6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 70.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeChromiumDebian Chromium+2 more
Timeline
PublishedJan 10

Description

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

CVEListV5google/chromeunspecified109.0.5414.74
NVDgoogle/chrome< 109.0.5414.74
debiandebian/chromium< chromium 109.0.5414.74-1 (bookworm)
Debianchromium/chromium< 109.0.5414.74-2~deb11u1+3

🔴Vulnerability Details

2
OSV
CVE-2023-0141: Insufficient policy enforcement in CORS in Google Chrome prior to 1092023-01-10
GHSA
GHSA-mpq2-r2jc-4wmr: Insufficient policy enforcement in CORS in Google Chrome prior to 1092023-01-10

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2023-01412023-01-10
Microsoft
Chromium:CVE-2023-0141: Insufficient policy enforcement in CORS2023-01-10
Debian
CVE-2023-0141: chromium - Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 ...2023