Request a Demo
Rewterz
Rewterz Threat Advisory –ICS: Mitsubishi Electric INEA ME RTU Vulnerability
May 3, 2023
Rewterz
Rewterz Threat Alert – FormBook Malware – Active IOCs
May 3, 2023

Rewterz Threat Advisory–Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-2468 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in PictureInPicture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2467 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2466 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2465 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in CORS. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2464 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in PictureInPicture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2463 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Full Screen Mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2462 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2461 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in OS Inputs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

CVE-2023-2460 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Extensions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-2459 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

  • Code Execution
  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-2468
  • CVE-2023-2467
  • CVE-2023-2466
  • CVE-2023-2465
  • CVE-2023-2464
  • CVE-2023-2463
  • CVE-2023-2462
  • CVE-2023-2461
  • CVE-2023-2460
  • CVE-2023-2459

Affected Vendors

Google

Affected Products

  • Google Chrome 113.0

Remediation

Upgrade to the latest version of Chrome, available from the Google Chrome Releases Web site.

Google Chrome Releases Web site