CVE-2023-36266: 
Google Chrome vulnerability analysis and mitigation

A security vulnerability was discovered in Keeper Password Manager for Desktop version 16.10.2 and KeeperFill Browser Extensions version 16.5.4. The vulnerability allows local attackers to access sensitive information through plaintext password storage in memory after user login, with the potential for this information to persist even after logout. This issue is disputed by the vendor for two reasons: the information is inherently available during logged-in sessions when an attacker can read from arbitrary memory locations, and any post-logout information persistence is due to web browser memory management limitations rather than Keeper's technology (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires local access, has low attack complexity, requires low privileges, needs no user interaction, has unchanged scope, and can result in high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability's primary impact is the potential exposure of sensitive password information stored in memory. This exposure occurs during active user sessions and may continue after logout due to browser memory management behavior. The impact is limited to local attackers who can read arbitrary memory locations (NVD).