CVE-2023-4365: 
vulnerability analysis and mitigation

CVE-2023-4365 is a security vulnerability discovered in Google Chrome's Fullscreen feature prior to version 116.0.5845.96. The vulnerability was reported by Hafiizh on April 6, 2023, and involves an inappropriate implementation in the Fullscreen functionality that could allow a remote attacker to obfuscate security UI through a crafted HTML page (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

When exploited, this vulnerability allows a remote attacker to potentially manipulate the security user interface of the browser through specially crafted HTML pages. This could lead to security UI obfuscation, potentially misleading users about the security status or origin of web content (Chrome Release).

The vulnerability has been patched in Google Chrome version 116.0.5845.96. Users and administrators are advised to update to this version or later. The fix has been distributed to various distributions including Debian 11 (bullseye) and 12 (bookworm), Fedora 37 and 38, and Gentoo (Debian Advisory, Fedora Update, Gentoo Advisory).