First published: Tue Aug 15 2023(Updated: )
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com Derin Eryilmaz.
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | <116.0.5845.96 | |
Google Chrome OS | ||
All of | ||
Google Chrome | <116.0.5845.96 | |
Google Chrome OS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID is CVE-2023-4369.
The title of the vulnerability is 'Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120'.
CVE-2023-4369 has a severity rating of 8.8 (high).
CVE-2023-4369 allows an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page.
To fix CVE-2023-4369, update Google Chrome on ChromeOS to version 116.0.5845.120 or newer.