Severity
Medium
Analysis Summary
CVE-2023-3740 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Themes. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3738 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Autofill component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3737 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Notifications component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3736 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Custom Tabs component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3735 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Web API Permission Prompts component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3734 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Picture In Picture component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3732 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in Mojo. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-3730 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Tab Groups. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-3728 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRTC. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-3733 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the WebApp Installs component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-3727 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRTC. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
Impact
- Security Bypass
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-3740
- CVE-2023-3738
- CVE-2023-3737
- CVE-2023-3736
- CVE-2023-3735
- CVE-2023-3734
- CVE-2023-3732
- CVE-2023-3730
- CVE-2023-3728
- CVE-2023-3733
- CVE-2023-3727
Affected Vendors
Affected Products
- Google Chrome 115.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.