CVE-2023-4357
vulnerability analysis and mitigation

Overview

CVE-2023-4357 is a security vulnerability discovered in Google Chrome prior to version 116.0.5845.96, identified as an insufficient validation of untrusted input in XML. The vulnerability was disclosed on August 15, 2023, and was assigned a medium severity rating by Chromium security team (Chrome Release).

Technical details

The vulnerability stems from insufficient validation of untrusted input in XML processing within Google Chrome, which could allow attackers to bypass file access restrictions through a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high-severity issue requiring user interaction (NVD).

Impact

The vulnerability could allow a remote attacker to bypass file access restrictions when a user visits a specially crafted HTML page. This could potentially lead to unauthorized access to files on the affected system (NVD).

Mitigation and workarounds

The vulnerability has been patched in Google Chrome version 116.0.5845.96. Users and administrators are advised to update to this version or later. Multiple Linux distributions have also released security updates, including Debian (versions 11.0 and 12.0), Fedora (versions 37 and 38), and Gentoo (Debian Advisory, Fedora Advisory, Gentoo Advisory).

Additional resources


SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management