Severity
Medium
Analysis Summary
CVE-2023-5478 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5477 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Installer. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5486 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Input. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5483 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5475 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in DevTools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5481 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5487 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Fullscreen. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5473 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Cast. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5476 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Blink History. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5484 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5218 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Site Isolation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5479 CVSS:4.3
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Extensions API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-5478
- CVE-2023-5477
- CVE-2023-5486
- CVE-2023-5483
- CVE-2023-5475
- CVE-2023-5481
- CVE-2023-5487
- CVE-2023-5473
- CVE-2023-5476
- CVE-2023-5484
- CVE-2023-5218
- CVE-2023-5479
Affected Vendors
Affected Products
- Google Chrome 118.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.