CVE-2023-5849: 
vulnerability analysis and mitigation

CVE-2023-5849 is an integer overflow vulnerability discovered in the USB component of Google Chrome versions prior to 119.0.6045.105. The vulnerability was disclosed on October 31, 2023, and affects all Chrome installations before the patched version (Chrome Release).

The vulnerability is classified as a high-severity integer overflow issue in Chrome's USB implementation that could potentially lead to heap corruption when triggered via a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page, which could lead to arbitrary code execution within the context of the browser (Chrome Release).

The vulnerability has been patched in Chrome version 119.0.6045.105. Users and administrators should update to this version or later to mitigate the risk. The fix has been backported to various Linux distributions including Debian, Fedora, and Gentoo (Debian Advisory, Fedora Update).