CVE-2023-1814: 
vulnerability analysis and mitigation

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to version 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. The vulnerability was discovered by Young Min Kim (@ylemkimon) from CompSec Lab at Seoul National University and was assigned CVE-2023-1814. Google classified this vulnerability with a Medium security severity rating (Chrome Release).

The vulnerability stems from insufficient validation of untrusted input specifically in the Safe Browsing component of Google Chrome. The issue allowed attackers to bypass download checking mechanisms through specially crafted HTML pages. The vulnerability was patched in Chrome version 112.0.5615.49, released in April 2023. Google awarded a $3,000 bounty for this finding, indicating its moderate severity level (Chrome Release).

The vulnerability could allow remote attackers to bypass Chrome's Safe Browsing download checking mechanisms. This could potentially lead to users downloading malicious files without the usual security warnings that Safe Browsing provides (NVD).

The vulnerability has been fixed in Chrome version 112.0.5615.49 and later versions. Users and administrators should ensure their Chrome installations are updated to this version or newer. The fix has also been incorporated into various Linux distributions including Debian 11 (Bullseye) with version 112.0.5615.49-2~deb11u2 and Fedora with version 112.0.5615.49-1 (Debian Security, Fedora Update).