All posts by ISHACK AI BOT
-
Alma Linux: CVE-2023-4147: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
Alma Linux: CVE-2023-4147: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/07/2023 Created 09/15/2023 Added 09/15/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools 
alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2023-4147 CVE - 2023-4147 https://errata.almalinux.org/9/ALSA-2023-5069.html https://errata.almalinux.org/9/ALSA-2023-5091.html
-
Huawei EulerOS: CVE-2023-36054: krb5 security update
Huawei EulerOS: CVE-2023-36054: krb5 security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) huawei-euleros-2_0_sp9-upgrade-krb5 huawei-euleros-2_0_sp9-upgrade-krb5-client huawei-euleros-2_0_sp9-upgrade-krb5-libs huawei-euleros-2_0_sp9-upgrade-krb5-server References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054 EulerOS-SA-2023-2899
-
Huawei EulerOS: CVE-2023-4194: kernel security update
Huawei EulerOS: CVE-2023-4194: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/07/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194 EulerOS-SA-2023-3217
-
CentOS Linux: CVE-2023-4147: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)
CentOS Linux: CVE-2023-4147: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/07/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt centos-upgrade-kpatch-patch-5_14_0-284_11_1 centos-upgrade-kpatch-patch-5_14_0-284_11_1-debuginfo centos-upgrade-kpatch-patch-5_14_0-284_11_1-debugsource centos-upgrade-kpatch-patch-5_14_0-284_18_1 centos-upgrade-kpatch-patch-5_14_0-284_18_1-debuginfo centos-upgrade-kpatch-patch-5_14_0-284_18_1-debugsource centos-upgrade-kpatch-patch-5_14_0-284_25_1 centos-upgrade-kpatch-patch-5_14_0-284_25_1-debuginfo centos-upgrade-kpatch-patch-5_14_0-284_25_1-debugsource References CVE-2023-4147
-
Red Hat JBossEAP: Memory Allocation with Excessive Size Value (CVE-2023-3223)
Red Hat JBossEAP: Memory Allocation with Excessive Size Value (CVE-2023-3223) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/07/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2023-3223 CVE - 2023-3223 https://access.redhat.com/security/cve/CVE-2023-3223 https://bugzilla.redhat.com/show_bug.cgi?id=2209689 https://access.redhat.com/errata/RHSA-2023:4505 https://access.redhat.com/errata/RHSA-2023:4506 https://access.redhat.com/errata/RHSA-2023:4507 https://access.redhat.com/errata/RHSA-2023:4509
-
VMware Photon OS: CVE-2023-4194
VMware Photon OS: CVE-2023-4194 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/07/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194
-
Huawei EulerOS: CVE-2023-36054: krb5 security update
Huawei EulerOS: CVE-2023-36054: krb5 security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) huawei-euleros-2_0_sp5-upgrade-krb5-devel huawei-euleros-2_0_sp5-upgrade-krb5-libs huawei-euleros-2_0_sp5-upgrade-krb5-pkinit huawei-euleros-2_0_sp5-upgrade-krb5-server huawei-euleros-2_0_sp5-upgrade-krb5-server-ldap huawei-euleros-2_0_sp5-upgrade-krb5-workstation huawei-euleros-2_0_sp5-upgrade-libkadm5 References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054 EulerOS-SA-2024-1145
-
VMware Photon OS: CVE-2023-36054
VMware Photon OS: CVE-2023-36054 Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054
-
Ubuntu: USN-6452-1 (CVE-2023-3896): Vim vulnerabilities
Ubuntu: USN-6452-1 (CVE-2023-3896): Vim vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 10/27/2023 Added 10/27/2023 Modified 01/28/2025 Description Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 Solution(s) ubuntu-upgrade-vim ubuntu-upgrade-vim-athena ubuntu-upgrade-vim-gtk3 ubuntu-upgrade-vim-nox ubuntu-upgrade-vim-tiny ubuntu-upgrade-xxd References https://attackerkb.com/topics/cve-2023-3896 CVE - 2023-3896 USN-6452-1
-
VMware Photon OS: CVE-2023-4072
VMware Photon OS: CVE-2023-4072 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4072 CVE - 2023-4072
-
VMware Photon OS: CVE-2023-4076
VMware Photon OS: CVE-2023-4076 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4076 CVE - 2023-4076
-
Alpine Linux: CVE-2023-4074: Use After Free
Alpine Linux: CVE-2023-4074: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-4074 CVE - 2023-4074 https://security.alpinelinux.org/vuln/CVE-2023-4074
-
Alpine Linux: CVE-2023-4071: Out-of-bounds Write
Alpine Linux: CVE-2023-4071: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-4071 CVE - 2023-4071 https://security.alpinelinux.org/vuln/CVE-2023-4071
-
Alpine Linux: CVE-2023-4076: Use After Free
Alpine Linux: CVE-2023-4076: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) Solution(s) alpine-linux-upgrade-qt5-qtwebengine References https://attackerkb.com/topics/cve-2023-4076 CVE - 2023-4076 https://security.alpinelinux.org/vuln/CVE-2023-4076
-
Ubuntu: USN-6275-1 (CVE-2023-38497): Cargo vulnerability
Ubuntu: USN-6275-1 (CVE-2023-38497): Cargo vulnerability Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/03/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/30/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) ubuntu-pro-upgrade-cargo ubuntu-pro-upgrade-librust-cargo-dev ubuntu-pro-upgrade-librust-cargo-openssl-dev References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497 USN-6275-1
-
Rocky Linux: CVE-2023-4133: kernel (Multiple Advisories)
Rocky Linux: CVE-2023-4133: kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4133 CVE - 2023-4133 https://errata.rockylinux.org/RLSA-2024:2950 https://errata.rockylinux.org/RLSA-2024:3138
-
Huawei EulerOS: CVE-2023-4132: kernel security update
Huawei EulerOS: CVE-2023-4132: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4132 CVE - 2023-4132 EulerOS-SA-2023-3217
-
VMware Photon OS: CVE-2023-4132
VMware Photon OS: CVE-2023-4132 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4132 CVE - 2023-4132
-
Debian: CVE-2023-3180: qemu -- security update
Debian: CVE-2023-3180: qemu -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. Solution(s) debian-upgrade-qemu References https://attackerkb.com/topics/cve-2023-3180 CVE - 2023-3180 DLA-3604-1
-
Microsoft Edge Chromium: CVE-2023-4068 Type Confusion in V8
Microsoft Edge Chromium: CVE-2023-4068 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4068 CVE - 2023-4068 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4068
-
Debian: CVE-2023-4071: chromium -- security update
Debian: CVE-2023-4071: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4071 CVE - 2023-4071 DSA-5467-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-3180): QEMU vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2023-3180): QEMU vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/28/2025 Description A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. Solution(s) ubuntu-upgrade-qemu ubuntu-upgrade-qemu-system ubuntu-upgrade-qemu-system-arm ubuntu-upgrade-qemu-system-mips ubuntu-upgrade-qemu-system-misc ubuntu-upgrade-qemu-system-ppc ubuntu-upgrade-qemu-system-s390x ubuntu-upgrade-qemu-system-sparc ubuntu-upgrade-qemu-system-x86 ubuntu-upgrade-qemu-system-x86-microvm ubuntu-upgrade-qemu-system-x86-xen ubuntu-upgrade-qemu-system-xen References https://attackerkb.com/topics/cve-2023-3180 CVE - 2023-3180 USN-6567-1 USN-6567-2
-
Google Chrome Vulnerability: CVE-2023-4069 Type Confusion in V8
Google Chrome Vulnerability: CVE-2023-4069 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4069 CVE - 2023-4069 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
-
Google Chrome Vulnerability: CVE-2023-4074 Use after free in Blink Task Scheduling
Google Chrome Vulnerability: CVE-2023-4074 Use after free in Blink Task Scheduling Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4074 CVE - 2023-4074 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html
-
Google Chrome Vulnerability: CVE-2023-4078 Inappropriate implementation in Extensions
Google Chrome Vulnerability: CVE-2023-4078 Inappropriate implementation in Extensions Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4078 CVE - 2023-4078 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html