CVE-2023-4353: 
vulnerability analysis and mitigation

A heap buffer overflow vulnerability (CVE-2023-4353) was discovered in the ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome versions prior to 116.0.5845.96. The vulnerability was reported by Christoph Diehl from Microsoft Vulnerability Research on June 27, 2023, and was classified with high security severity (Chrome Release).

The vulnerability is classified as a heap buffer overflow (CWE-787: Out-of-bounds Write) that could be triggered through a crafted HTML page. The issue received a CVSS v3.1 base score of 8.8 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction needed (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption via a specially crafted HTML page, potentially leading to arbitrary code execution, information disclosure, or system compromise (Debian Security).

The vulnerability has been patched in Google Chrome version 116.0.5845.96. Users and administrators are strongly advised to upgrade to this version or later. The fix has also been incorporated into various Linux distributions including Debian 11 (bullseye) and 12 (bookworm), Fedora 37 and 38, and Gentoo (Debian Security, Fedora Update, Gentoo Security).