Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2022-39951 – Fortinet FortiWeb Vulnerability
March 9, 2023Rewterz Threat Advisory – Multiple Fortinet FortiNAC Vulnerabilities
March 9, 2023
Severity
High
Analysis Summary
CVE-2023-1236 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Internals. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1235 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion flaw in the DevTools component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1234 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1233 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Resource Timing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1232 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Resource Timing. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1231 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1230 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in WebApp Installs. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1229 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by inappropriate implementation in Permission prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1228 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Intents. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1227 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the Core component. By persuading a victim to open a specially-crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1226 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Web Payments API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1225 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Navigation. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1224 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Web Payments API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1223 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Autofill. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1222 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Web Audio API component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1221 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Extensions API. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-1220 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the UMA component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1219 CVSS:8.8
Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Metrics component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1218 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the WebRTC component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1217 CVSS:8.8
Google Chrome is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Crash reporting component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2023-1216 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the DevTools component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1215 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion flaw in the CSS component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVE-2023-1214 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion flaw in the V8 component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
Impact
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2023-1236
- CVE-2023-1235
- CVE-2023-1234
- CVE-2023-1233
- CVE-2023-1232
- CVE-2023-1231
- CVE-2023-1230
- CVE-2023-1229
- CVE-2023-1228
- CVE-2023-1227
- CVE-2023-1226
- CVE-2023-1225
- CVE-2023-1224
- CVE-2023-1223
- CVE-2023-1222
- CVE-2023-1221
- CVE-2023-1220
- CVE-2023-1219
- CVE-2023-1218
- CVE-2023-1217
- CVE-2023-1216
- CVE-2023-1215
- CVE-2023-1214
Affected Vendors
Affected Products
- Google Chrome 111.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Web site.