CVE-2023-4369
Published Aug 15, 2023
·Updated
Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)
Credit
Derin Eryilmaz.
Affected Software
4 affected components
Google Chrome<116.0.5845.96
Google Chrome OS
All of the following
Google Chrome<116.0.5845.96
Google Chrome OS
Event History
Aug 15, 2023
CVE Published
via MITRE·05:07 PM
Data Sourced
via MITRE·05:07 PM
DescriptionWeakness
Data Sourced
via NVD·06:15 PM
DescriptionSeverityAffected Software
Aug 25, 2023
Data Sourced
12:00 AM
SeverityWeakness
Frequently Asked Questions
1
What is the vulnerability ID?
The vulnerability ID is CVE-2023-4369.
2
What is the title of the vulnerability?
The title of the vulnerability is 'Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120'.
3
How severe is CVE-2023-4369?
CVE-2023-4369 has a severity rating of 8.8 (high).
4
How does CVE-2023-4369 impact Google Chrome on ChromeOS?
CVE-2023-4369 allows an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page.
5
How can I fix CVE-2023-4369?
To fix CVE-2023-4369, update Google Chrome on ChromeOS to version 116.0.5845.120 or newer.