CVE-2023-4764 - Vulnerability Details - OpenCVE

ReportizFlow

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
https://crbug.com/1447237
https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
https://security.gentoo.org/glsa/202311-11
https://security.gentoo.org/glsa/202312-07
https://security.gentoo.org/glsa/202401-34
https://www.debian.org/security/2023/dsa-5491

History

Thu, 26 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2023-09-05T21:57:42.716Z

Updated: 2024-09-26T20:49:22.172Z

Reserved: 2023-09-04T18:21:19.602Z

Link: CVE-2023-4764

Vulnrichment

Updated: 2024-08-02T07:38:00.806Z

NVD

Status : Modified

Published: 2023-09-05T22:15:09.883

Modified: 2024-11-21T08:35:56.107

Link: CVE-2023-4764

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4764", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "state": "PUBLISHED", "assignerShortName": "Chrome", "dateReserved": "2023-09-04T18:21:19.602Z", "datePublished": "2023-09-05T21:57:42.716Z", "dateUpdated": "2024-09-26T20:49:22.172Z"}, "containers": {"cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "116.0.5845.179", "status": "affected", "lessThan": "116.0.5845.179", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect security UI"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2023-09-05T21:57:42.716Z"}, "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html"}, {"url": "https://crbug.com/1447237"}, {"url": "https://www.debian.org/security/2023/dsa-5491"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"}, {"url": "https://security.gentoo.org/glsa/202311-11"}, {"url": "https://security.gentoo.org/glsa/202312-07"}, {"url": "https://security.gentoo.org/glsa/202401-34"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.806Z"}, "title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html", "tags": ["x_transferred"]}, {"url": "https://crbug.com/1447237", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5491", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-11", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202312-07", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-34", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T20:49:15.655786Z", "id": "CVE-2023-4764", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T20:49:22.172Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html", "tags": ["x_transferred"]}, {"url": "https://crbug.com/1447237", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5491", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202311-11", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202312-07", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-34", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.806Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T20:49:15.655786Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T20:49:19.003Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "116.0.5845.179", "lessThan": "116.0.5845.179", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html"}, {"url": "https://crbug.com/1447237"}, {"url": "https://www.debian.org/security/2023/dsa-5491"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"}, {"url": "https://security.gentoo.org/glsa/202311-11"}, {"url": "https://security.gentoo.org/glsa/202312-07"}, {"url": "https://security.gentoo.org/glsa/202401-34"}], "descriptions": [{"lang": "en", "value": "Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Incorrect security UI"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2023-09-05T21:57:42.716Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4764", "state": "PUBLISHED", "dateUpdated": "2024-09-26T20:49:22.172Z", "dateReserved": "2023-09-04T18:21:19.602Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2023-09-05T21:57:42.716Z", "assignerShortName": "Chrome"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DA933DC-9C49-43BA-B462-A3DBFF8387F2", "versionEndExcluding": "116.0.5845.179", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "La interfaz de usuario de seguridad incorrecta en BFCache en Google Chrome anterior a 116.0.5845.179 permiti\u00f3 a un atacante remoto falsificar el contenido del Omnibox (barra de URL) a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"}], "id": "CVE-2023-4764", "lastModified": "2024-11-21T08:35:56.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-09-05T22:15:09.883", "references": [{"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html"}, {"source": "[email protected]", "tags": ["Permissions Required"], "url": "https://crbug.com/1447237"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"}, {"source": "[email protected]", "url": "https://security.gentoo.org/glsa/202311-11"}, {"source": "[email protected]", "url": "https://security.gentoo.org/glsa/202312-07"}, {"source": "[email protected]", "url": "https://security.gentoo.org/glsa/202401-34"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://crbug.com/1447237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202311-11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202312-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202401-34"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5491"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}