- 99/2023
- Medium
Google has released an updated Chrome version (113.0.5672.63/.64) for Windows and (113.0.5672.63) for Linux and Mac to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, cause a denial of service attack, or bypass security restrictions by persuading the victim to visit a specially crafted website.
Sample of the addressed vulnerabilities:
1. Google Chrome Prompts Security Bypass (CVE-2023-2459):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
2. Google Chrome Extensions Security Bypass (CVE-2023-2460):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2023-2459
- CVE-2023-2460
- CVE-2023-2461
- CVE-2023-2462
- CVE-2023-2463
- CVE-2023-2464
- CVE-2023-2465
- CVE-2023-2466
- CVE-2023-2467
- CVE-2023-2468
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.