CVE-2023-5477: 
vulnerability analysis and mitigation

A local security vulnerability (CVE-2023-5477) was identified in Google Chrome's Installer component prior to version 118.0.5993.70. The vulnerability was discovered by Bahaa Naamneh of Crosspoint Labs on August 13, 2023, and was classified with a low severity rating (Chrome Release).

The vulnerability stems from an inappropriate implementation in the Chrome Installer component that could allow a local attacker to bypass discretionary access control through a crafted command. The issue has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability enables a local attacker to bypass discretionary access control mechanisms, potentially compromising the security boundaries set by the system. Given its low severity rating, the impact is considered relatively minimal but still requires attention (Chrome Release).

The vulnerability has been patched in Google Chrome version 118.0.5993.70 and later. Users are advised to update their Chrome installations to the latest version. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (DSA-5526) and Gentoo (GLSA-202311-11, GLSA-202312-07, GLSA-202401-34) (Debian Security, Gentoo Security).