CVE-2023-0928: 
vulnerability analysis and mitigation

A high-severity use-after-free vulnerability was discovered in SwiftShader component of Google Chrome prior to version 110.0.5481.177. The vulnerability, identified as CVE-2023-0928, was reported by an anonymous researcher on March 22, 2022, and was publicly disclosed on February 22, 2023 (Chrome Blog).

The vulnerability is a use-after-free issue in the SwiftShader component of Google Chrome. It received a CVSS 3.1 base score of 8.8 (High), with the following characteristics: Network attack vector, Low attack complexity, No privileges required, User interaction required, Unchanged scope, and High impact on confidentiality, integrity, and availability (Ubuntu Security).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution within the context of the browser (NVD).

Google addressed this vulnerability in Chrome version 110.0.5481.177. Users and administrators are advised to update to this version or later. The fix was also backported to various Linux distributions, including Ubuntu 18.04 LTS (version 111.0.5563.64-0ubuntu0.18.04.5) and Debian (Chrome Blog, Ubuntu Security).