CVE-2023-3732: 
vulnerability analysis and mitigation

Out of bounds memory access vulnerability (CVE-2023-3732) was discovered in the Mojo component of Google Chrome versions prior to 115.0.5790.98. The vulnerability was reported by Mark Brand of Google Project Zero on June 2, 2023, and was patched in July 2023. This security flaw affects all Chrome installations before the patched version (Chrome Release).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 8.8. It involves an out-of-bounds memory access in the Mojo component that could lead to heap corruption. The vulnerability requires the attacker to have already compromised the renderer process and can be triggered through a specially crafted HTML page (NVD).

If successfully exploited, this vulnerability could allow an attacker who has already compromised the renderer process to potentially exploit heap corruption, which could lead to arbitrary code execution within the context of the browser (Chrome Release).

Google has addressed this vulnerability in Chrome version 115.0.5790.98. Users and administrators are strongly advised to upgrade to this version or later to mitigate the risk. The fix was also incorporated into Chromium-based browsers and distributed to various Linux distributions including Debian, Fedora, and Gentoo (Chrome Release, Gentoo Advisory).