CVE-2023-6511Google Chrome vulnerability

10 documents9 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 57.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeChromiumDebian Linux+1 more
Timeline
PublishedDec 6
Latest updateJan 8

Description

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5google/chrome120.0.6099.62120.0.6099.62
NVDgoogle/chrome< 120.0.6099.62
Debianchromium/chromium< 120.0.6099.71-1~deb11u1+3

Also affects: Debian Linux 11.0, 12.0, Fedora 38, 39

🔴Vulnerability Details

3
OSV
CVE-2023-6511: Inappropriate implementation in Autofill in Google Chrome prior to 1202023-12-06
GHSA
GHSA-ggw2-384r-h3r8: Inappropriate implementation in Autofill in Google Chrome prior to 1202023-12-06
CVEList
CVE-2023-6511: Inappropriate implementation in Autofill in Google Chrome prior to 1202023-12-06

📋Vendor Advisories

4
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2023-65112024-01-08
Microsoft
Chromium: CVE-2023-6511 Inappropriate implementation in Autofill2023-12-12
Chrome
Stable Channel Update for Desktop: CVE-2023-65102023-12-05
Debian
CVE-2023-6511: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62...2023

🕵️Threat Intelligence

2
Trendmicro
The December 2023 Security Update Review2023-12-12
Bleepingcomputer
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day2023-12-12
CVE-2023-6511 — Google Chrome vulnerability | cvebase