
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2023-4357 is a security vulnerability discovered in Google Chrome prior to version 116.0.5845.96, identified as an insufficient validation of untrusted input in XML. The vulnerability was disclosed on August 15, 2023, and was assigned a medium severity rating by Chromium security team (Chrome Release).
The vulnerability stems from insufficient validation of untrusted input in XML processing within Google Chrome, which could allow attackers to bypass file access restrictions through a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high-severity issue requiring user interaction (NVD).
The vulnerability could allow a remote attacker to bypass file access restrictions when a user visits a specially crafted HTML page. This could potentially lead to unauthorized access to files on the affected system (NVD).
The vulnerability has been patched in Google Chrome version 116.0.5845.96. Users and administrators are advised to update to this version or later. Multiple Linux distributions have also released security updates, including Debian (versions 11.0 and 12.0), Fedora (versions 37 and 38), and Gentoo (Debian Advisory, Fedora Advisory, Gentoo Advisory).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."