Rewterz Threat Advisory – CVE-2022-39951 – Fortinet FortiWeb Vulnerability
March 9, 2023Rewterz Threat Advisory – Multiple Fortinet FortiNAC Vulnerabilities
March 9, 2023Rewterz Threat Advisory – CVE-2022-39951 – Fortinet FortiWeb Vulnerability
March 9, 2023Rewterz Threat Advisory – Multiple Fortinet FortiNAC Vulnerabilities
March 9, 2023Severity
High
Analysis Summary
CVE-2023-1236 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Internals. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1235 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion flaw in the DevTools component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1234 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1233 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Resource Timing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1232 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Resource Timing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1231 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1230 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in WebApp Installs. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1229 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Permission prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1228 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1227 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the Core component. By persuading a victim to open a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1226 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Web Payments API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1225 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1224 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Web Payments API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1223 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1222 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Web Audio API component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1221 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Extensions API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1220 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the UMA component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1219 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Metrics component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1218 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the WebRTC component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1217 CVSS:8.8
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Crash reporting component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1216 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the DevTools component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1215 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion flaw in the CSS component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1214 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion flaw in the V8 component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
Impact
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-1236
- CVE-2023-1235
- CVE-2023-1234
- CVE-2023-1233
- CVE-2023-1232
- CVE-2023-1231
- CVE-2023-1230
- CVE-2023-1229
- CVE-2023-1228
- CVE-2023-1227
- CVE-2023-1226
- CVE-2023-1225
- CVE-2023-1224
- CVE-2023-1223
- CVE-2023-1222
- CVE-2023-1221
- CVE-2023-1220
- CVE-2023-1219
- CVE-2023-1218
- CVE-2023-1217
- CVE-2023-1216
- CVE-2023-1215
- CVE-2023-1214
Affected Vendors
Affected Products
- Google Chrome 111.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Web site.