CVE-2023-3735

Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html	Release Notes Vendor Advisory
https://crbug.com/1394410	Exploit Issue Tracking Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/
https://security.gentoo.org/glsa/202401-34

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

31 Jan 2024, 17:15

Type	Values Removed	Values Added
Summary		(es) La implementación inadecuada de las Solicitudes de Permiso de la API Web en Google Chrome anteriores a la versión 115.0.5790.98 permitía a un atacante remoto ocultar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Gravedad de seguridad de Chromium: Media)
References		() https://security.gentoo.org/glsa/202401-34 -

Information

Published : 2023-08-01 23:15

Updated : 2024-01-31 17:15

NVD link : CVE-2023-3735

Mitre link : CVE-2023-3735

CVE.ORG link : CVE-2023-3735

JSON object : View

Products Affected

google

chrome

CWE

NVD-CWE-noinfo

4.3 /10