CVE-2023-2457 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 47.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Google Chrome Chrome

Timeline

PublishedMay 12

Latest updateSep 15

Description

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/chrome113.0.5672.114 — 113.0.5672.114

▶NVDgoogle/chrome< 113.0.5672.114

▶googlegoogle/chrome_chrome

🔴Vulnerability Details

GHSA

GHSA-76rv-vcjw-7q23: Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113↗2023-05-12

▶

📋Vendor Advisories

Red Hat

kernel: drm/amdgpu: drop redundant sched job cleanup when cs is aborted↗2025-09-15

▶

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-2457↗2023-05-09

▶