(Chromium security severity: Medium) (CVE-2023-4905) Inappropriate implementation in Prompts in Google Chrome prior to 1.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Insufficient policy enforcement in Downloads in Google Chrome prior to 1.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 1.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902) Inappropriate implementation in Input in Google Chrome prior to 1.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901) Inappropriate implementation in Prompts in Google Chrome prior to 1.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 1.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863) Heap buffer overflow in WebP in Google Chrome prior to 1.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727) Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735) It is, therefore, affected by multiple vulnerabilities as referenced in the Septemadvisory. The version of Microsoft Edge installed on the remote Windows host is prior to 1.31.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |