CVE-2023-4357


CVSS 8.8 HIGH · EPSS 45.9% · CWE-20
In short

Google Chrome had a flaw where it didn't properly check XML data from websites, allowing attackers to bypass protections that prevent websites from accessing your files. A hacker could create a malicious webpage that tricks your browser into accessing files it shouldn't.

Technical detail

Insufficient input validation in XML processing allowed remote attackers to bypass file access restrictions through a crafted HTML page. The vulnerability exists in Chrome versions prior to 116.0.5845.96 and requires user interaction (opening a malicious page). The attack vector is network-based with low complexity, affecting the confidentiality of local file access.

Summary generated and translated by AI from the official description.
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
