March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
September 27, 2023Rewterz Threat Advisory – CVE-2023-34043 – VMware Aria Operations Vulnerability
September 27, 2023Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
September 27, 2023Rewterz Threat Advisory – CVE-2023-34043 – VMware Aria Operations Vulnerability
September 27, 2023
Severity
Medium
Analysis Summary
CVE-2023-4901 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4902 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Input. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4903 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Custom Mobile Tabs. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4904 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4905 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4906 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4907 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4908 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Picture in Picture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-4909 CVSS: 6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Interstitials. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-4901
- CVE-2023-4902
- CVE-2023-4903
- CVE-2023-4904
- CVE-2023-4905
- CVE-2023-4906
- CVE-2023-4907
- CVE-2023-4908
- CVE-2023-4909
Affected Vendors
Affected Products
- Google Chrome 117.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Web site.