CVE-2023-3739: Insufficient validation of untrusted input in ChromeOS
First published: Thu Jul 20 2023(Updated: )
Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com Rory McNamara.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <115.0.5790.131 | |
| Google Chrome OS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-3739.
What is the severity of CVE-2023-3739?
The severity of CVE-2023-3739 is medium with a severity value of 6.3.
What is the affected software?
The affected software is Google Chrome on ChromeOS prior to version 115.0.5790.131.
How does the vulnerability in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 occur?
The vulnerability occurs due to insufficient validation of untrusted input in Chromad, allowing a remote attacker to execute arbitrary code via a crafted shell script.
How can I fix the vulnerability in CVE-2023-3739?
To fix the vulnerability, update Google Chrome on ChromeOS to version 115.0.5790.131 or later.
- collector/nvd-latest
- agent/references
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- agent/description
- collector/chrome-releases
- agent/severity
- agent/author
- agent/title
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/google
- canonical/google chrome
- canonical/google chrome os