CVE-2023-4860 — Incorrect Implementation of Authentication Algorithm in Google Chrome

CWE-303 — Incorrect Implementation of Authentication Algorithm5 documents5 sources

Severity

9.6CRITICALNVD

EPSS

0.3%

top 42.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedJul 16

Latest updateJul 17

Description

Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5google/chrome115.0.5790.98 — 115.0.5790.98

▶NVDgoogle/chrome< 115.0.5790.98

▶Debianchromium/chromium< 115.0.5790.98-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-xxfq-8cc9-rwx9: Inappropriate implementation in Skia in Google Chrome prior to 115↗2024-07-17

▶

OSV

CVE-2023-4860: Inappropriate implementation in Skia in Google Chrome prior to 115↗2024-07-16

▶

CVEList

CVE-2023-4860: Inappropriate implementation in Skia in Google Chrome prior to 115↗2024-07-16

▶

📋Vendor Advisories

Debian

CVE-2023-4860: chromium - Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 all...↗2023

▶