CVE-2023-3742 — Google Chrome vulnerability

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.0%

top 98.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 20

Description

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5google/chrome114.0.5735.90 — 114.0.5735.90

▶NVDgoogle/chrome< 114.0.5735.90

🔴Vulnerability Details

GHSA

GHSA-r8pj-4xw7-x923: Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114↗2023-12-20

▶

💥Exploits & PoCs

Nuclei

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

▶