CVE-2023-1531Use After Free in Google Chrome

CWE-416Use After FreeCWE-476NULL Pointer Dereference11 documents9 sources
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedMar 21
Latest updateJun 26

Description

Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5google/chrome111.0.5563.110111.0.5563.110
NVDgoogle/chrome< 111.0.5563.110
debiandebian/chromium< chromium 111.0.5563.110-1 (bookworm)
Debianchromium/chromium< 111.0.5563.110-1~deb11u1+3

Also affects: Fedora 36, 37, 38

🔴Vulnerability Details

3
OSV
chromium-browser vulnerabilities2023-04-28
OSV
CVE-2023-1531: Use after free in ANGLE in Google Chrome prior to 1112023-03-21
GHSA
GHSA-7vp7-5qgg-v73x: Use after free in ANGLE in Google Chrome prior to 1112023-03-21

📋Vendor Advisories

5
Red Hat
vim: NULL Pointer Dereference in get_register() at register.c2023-05-09
Ubuntu
Chromium vulnerabilities2023-04-14
Chrome
Stable Channel Update for Desktop: CVE-2023-15312023-03-21
Microsoft
Chromium: CVE-2023-1531 Use after free in ANGLE2023-03-14
Debian
CVE-2023-1531: chromium - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remot...2023

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL2023-06-26
Talos
Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL2023-06-26
CVE-2023-1531 — Use After Free in Google Chrome | cvebase