CVE-2023-6512Inappropriate Encoding for Output Context in Google Chrome

CWE-838Inappropriate Encoding for Output Context9 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 34.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeChromiumDebian Linux+1 more
Timeline
PublishedDec 6
Latest updateDec 12

Description

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5google/chrome120.0.6099.62120.0.6099.62
NVDgoogle/chrome< 120.0.6099.62
Debianchromium/chromium< 120.0.6099.71-1~deb11u1+3

Also affects: Debian Linux 11.0, 12.0, Fedora 38, 39

🔴Vulnerability Details

3
OSV
CVE-2023-6512: Inappropriate implementation in Web Browser UI in Google Chrome prior to 1202023-12-06
CVEList
CVE-2023-6512: Inappropriate implementation in Web Browser UI in Google Chrome prior to 1202023-12-06
GHSA
GHSA-7mp8-w7v3-999f: Inappropriate implementation in Web Browser UI in Google Chrome prior to 1202023-12-06

📋Vendor Advisories

3
Microsoft
Chromium: CVE-2023-6512 Inappropriate implementation in Web Browser UI2023-12-12
Chrome
Stable Channel Update for Desktop: CVE-2023-65122023-12-05
Debian
CVE-2023-6512: chromium - Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6...2023

🕵️Threat Intelligence

2
Trendmicro
The December 2023 Security Update Review2023-12-12
Bleepingcomputer
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day2023-12-12
CVE-2023-6512 — Google Chrome vulnerability | cvebase