CVE-2023-0931
Published on: Not Yet Published
Last Modified on: 10/20/2023 08:31:00 PM UTC
Certain versions of Chrome from Google contain the following vulnerability:
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-0931 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software: Google - Chrome version < 110.0.5481.177
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities (GLSA 202309-17) — Gentoo security | security.gentoo.org text/html | MISC security.gentoo.org/glsa/202309-17 |
Chrome Releases: Stable Channel Desktop Update | chromereleases.googleblog.com text/html | MISC chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html |
1407701 - chromium - An open-source project to help move the web forward. - Monorail | crbug.com text/html | MISC crbug.com/1407701 |
Related QID Numbers
- 181670 Debian Security Update for chromium (DSA 5359-1)
- 184715 Debian Security Update for chromium (CVE-2023-0931)
- 199236 Ubuntu Security Notification for Chromium Vulnerabilities (USN-5949-1)
- 283780 Fedora Security Update for chromium (FEDORA-2023-1cf9c4477b)
- 283796 Fedora Security Update for chromium (FEDORA-2023-015e4d696d)
- 284247 Fedora Security Update for alsa (FEDORA-2023-a5e10b188a)
- 284271 Fedora Security Update for chromium (FEDORA-2023-523a24d90a)
- 378034 Microsoft Edge Based on Chromium Prior to 110.0.1587.56/110.0.1587.57 Multiple Vulnerabilities
- 378040 Google Chrome Prior to 110.0.5481.177/110.0.5481.178 Multiple Vulnerabilities
- 378051 Microsoft Edge Based on Chromium Prior to 110.0.1587.57 Multiple Vulnerabilities
- 502942 Alpine Linux Security Update for qt5-qtwebengine
- 503236 Alpine Linux Security Update for qt5-qtwebengine
- 506193 Alpine Linux Security Update for qt5-qtwebengine
- 691073 Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (4d6b5ea9-bc64-4e77-a7ee-d62ba68a80dd)
- 710759 Gentoo Linux Chromium, Google Chrome, Microsoft Edge Multiple Vulnerabilities (GLSA 202309-17)
- 753734 OpenSUSE Security Update for opera (openSUSE-SU-2023:0066-1)
- 754103 OpenSUSE Security Update for opera (openSUSE-SU-2023:0115-1)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Chrome | All | All | All | All |
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
@CVEreport | CVE-2023-0931 : Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to poten… twitter.com/i/web/status/1… | 2023-02-22 20:03:49 |
/r/k12cybersecurity | MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – PATCH: NOW | 2023-02-23 13:47:55 |