CVE-2023-1810: 
vulnerability analysis and mitigation

CVE-2023-1810 is a heap buffer overflow vulnerability discovered in the Visuals component of Google Chrome versions prior to 112.0.5615.49. The vulnerability was reported by Weipeng Jiang (@Krace) of VRI on February 8, 2023, and was patched in April 2023. This security flaw affects Google Chrome browsers across Windows, Mac, and Linux operating systems (Chrome Blog).

The vulnerability is classified as a heap buffer overflow in the Visuals component of Chrome that could allow a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Google has rated this vulnerability as High severity and awarded a $5,000 bounty for its discovery (Chrome Blog).

If successfully exploited, this vulnerability could allow an attacker who has compromised the renderer process to execute arbitrary code through heap corruption, potentially leading to system compromise (NVD).

The vulnerability has been fixed in Chrome version 112.0.5615.49. Users are strongly advised to update their Chrome browsers to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (version 112.0.5615.49-2~deb11u2), Fedora, and Gentoo (Debian Security, Gentoo Security).