CVE-2023-7013: UI Misrepresentation / Clickjacking in Google Chrome

Severity
4.7 MEDIUM (NVD)
EPSS
0.1%
top 68.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 16
Latest update: Jul 17

Description

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (5 packages)

CVEListV5 | google/chrome | 119.0.6045.105 | 119.0.6045.105
NVD | google/chrome | < 119.0.6045.105
debian | debian/chromium | < chromium 119.0.6045.105-1~deb12u1 (bookworm)
Debian | chromium/chromium | < 119.0.6045.105-1~deb11u1+3

Vulnerability Details (2)

GHSA
GHSA-6mmr-3476-3p9f: Inappropriate implementation in Compositing in Google Chrome prior to 119 (2024-07-17)
OSV
CVE-2023-7013: Inappropriate implementation in Compositing in Google Chrome prior to 119 (2024-07-16)

Vendor Advisories (2)

Chrome
Stable Channel Update for Desktop: CVE-2023-7013 (2023-10-31)
Debian
CVE-2023-7013: chromium - Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045... (2023)