CVE-2023-4073: 
vulnerability analysis and mitigation

Out of bounds memory access vulnerability (CVE-2023-4073) was discovered in ANGLE component of Google Chrome on Mac prior to version 115.0.5790.170. The vulnerability was reported by Jaehun Jeong(@n3sk) of Theori on June 20, 2023, and was publicly disclosed on August 2, 2023 (Chrome Release).

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 8.8 (HIGH). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction required. The vulnerability is categorized under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

If exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page, potentially leading to arbitrary code execution, information disclosure, or denial of service (Debian Advisory).

The vulnerability has been patched in Google Chrome version 115.0.5790.170 for Mac. Users are strongly advised to update to this version or later. The fix has also been incorporated into various Linux distributions including Debian 11 (bullseye) and 12 (bookworm), Fedora 38, and Gentoo (Debian Advisory, Fedora Update).