CVE-2023-0141: 
vulnerability analysis and mitigation

CVE-2023-0141 is a vulnerability discovered in Google Chrome's Cross-Origin Resource Sharing (CORS) implementation prior to version 109.0.5414.74. The vulnerability was reported by a researcher known as 'scarlet' on September 12, 2022, and was officially disclosed on January 10, 2023. This security flaw affects Google Chrome and its derivative browsers, including Microsoft Edge Chromium (Chrome Release, NVD).

The vulnerability is characterized as an insufficient policy enforcement in the CORS (Cross-Origin Resource Sharing) mechanism. It received a CVSS score of 4.0 (Low severity) with the vector (AV:N/AC:M/Au:N/C:P/I:N/A:N). Google's security team classified this as a Low severity issue in their internal assessment (Rapid7).

When exploited, this vulnerability allows a remote attacker to leak cross-origin data through a specially crafted HTML page. The impact is limited to partial information disclosure without system compromise or integrity violations (NVD).

The vulnerability was patched in Chrome version 109.0.5414.74 and corresponding versions of Chromium-based browsers. Users and administrators are advised to upgrade to this version or later to mitigate the risk (Chrome Release).