CVE-2023-0700User Interface (UI) Misrepresentation of Critical Information in Google Chrome

CWE-451User Interface (UI) Misrepresentation of Critical InformationCWE-269Improper Privilege ManagementCWE-200Sensitive Information ExposureCWE-668Resource ExposureCWE-276Incorrect Default Permissions12 documents9 sources
Severity
6.5MEDIUMNVD
OSV8.8
EPSS
0.2%
top 61.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Google ChromeChromiumGithub.com Minio Console+4 more
Timeline
PublishedFeb 7
Latest updateOct 1

Description

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages8 packages

CVEListV5google/chromeunspecified110.0.5481.77
NVDgoogle/chrome< 110.0.5481.77
debiandebian/chromium< chromium 110.0.5481.77-1 (bookworm)
Debianchromium/chromium< 110.0.5481.77-1~deb11u1+3

🔴Vulnerability Details

6
GHSA
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation2023-09-06
GHSA
Privilege Escalation on Linux/MacOS2023-09-05
GHSA
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited2023-05-26
OSV
chromium-browser vulnerabilities2023-02-21
GHSA
GHSA-w634-6x8m-jgvx: Inappropriate implementation in Download in Google Chrome prior to 1102023-02-07

📋Vendor Advisories

5
Red Hat
kernel: powerpc/rtas_flash: allow user copy to flash block cache objects2025-10-01
Ubuntu
Chromium vulnerabilities2023-02-21
Microsoft
Chromium: CVE-2023-0700 Inappropriate implementation in Download2023-02-14
Chrome
Stable Channel Update for Desktop: CVE-2023-06992023-02-07
Debian
CVE-2023-0700: chromium - Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77...2023