

Rewterz Threat Update – Hyper-Volumetric HTTP DDoS Attacks Surge, Cloudflare Reports
November 1, 2023
Rewterz Threat Advisory – Multiple Fortinet FortiManager and FortiAnalyzer Vulnerabilities
November 1, 2023
Severity
High
Analysis Summary
CVE-2023-5859 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in Picture In Picture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5858 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in WebApp Provider. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5857 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5856 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Side Panel. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5855 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Reading Mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5854 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Profiles. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5853 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5851 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5850 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by incorrect security UI in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5849 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in USB. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5482 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in USB. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-5852 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Printing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-5480 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Payments. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-5859
- CVE-2023-5858
- CVE-2023-5857
- CVE-2023-5856
- CVE-2023-5855
- CVE-2023-5854
- CVE-2023-5853
- CVE-2023-5851
- CVE-2023-5850
- CVE-2023-5849
- CVE-2023-5482
- CVE-2023-5852
- CVE-2023-5480
Affected Vendors
Affected Products
- Google Chrome 119.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Web site.