CVE-2023-7281User Interface (UI) Misrepresentation of Critical Information in Google Chrome

CWE-451User Interface (UI) Misrepresentation of Critical Information5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 76.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeChromium
Timeline
PublishedSep 23
Latest updateSep 24

Description

Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5google/chrome119.0.6045.105119.0.6045.105
NVDgoogle/chrome< 119.0.6045.105
Debianchromium/chromium< 119.0.6045.105-1~deb11u1+3

🔴Vulnerability Details

3
GHSA
GHSA-3qr7-fhm2-q3h8: Inappropriate implementation in Compositing in Google Chrome prior to 1192024-09-24
OSV
CVE-2023-7281: Inappropriate implementation in Compositing in Google Chrome prior to 1192024-09-23
CVEList
CVE-2023-7281: Inappropriate implementation in Compositing in Google Chrome prior to 1192024-09-23

📋Vendor Advisories

1
Debian
CVE-2023-7281: chromium - Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045...2023
CVE-2023-7281 — Google Chrome vulnerability | cvebase