CVE-2023-5475: 
vulnerability analysis and mitigation

CVE-2023-5475 is a security vulnerability discovered in Google Chrome's DevTools implementation prior to version 118.0.5993.70. The vulnerability allows an attacker who convinces a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension (Chrome Release, NVD).

The vulnerability has been classified with a CVSS v3.1 Base Score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, high impact on integrity, and no impact on availability (NVD).

The vulnerability enables attackers to bypass discretionary access control mechanisms through a malicious Chrome extension, potentially compromising the integrity of the browser's security model. This could lead to unauthorized actions being performed within the browser's context (Chrome Release).

Google has addressed this vulnerability in Chrome version 118.0.5993.70. Users and administrators are advised to update to this version or later to mitigate the risk. The fix has been incorporated into various distributions including Debian, Fedora, and Gentoo (Debian Advisory, Fedora Update).