
Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-4901 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4902 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Input. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4903 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Custom Mobile Tabs. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4904 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4905 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4906 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4907 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4908 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Picture in Picture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-4909 CVSS: 6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Interstitials. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

Impact

  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-4901
  • CVE-2023-4902
  • CVE-2023-4903
  • CVE-2023-4904
  • CVE-2023-4905
  • CVE-2023-4906
  • CVE-2023-4907
  • CVE-2023-4908
  • CVE-2023-4909

Affected Vendors

Google

Affected Products

  • Google Chrome 117.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Web site.
