Rewterz Threat Advisory –ICS: Mitsubishi Electric INEA ME RTU Vulnerability
May 3, 2023Rewterz Threat Alert – FormBook Malware – Active IOCs
May 3, 2023Rewterz Threat Advisory –ICS: Mitsubishi Electric INEA ME RTU Vulnerability
May 3, 2023Rewterz Threat Alert – FormBook Malware – Active IOCs
May 3, 2023Severity
Medium
Analysis Summary
CVE-2023-2468 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in PictureInPicture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2467 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2466 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2465 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in CORS. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2464 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in PictureInPicture. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2463 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Full Screen Mode. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2462 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2461 CVSS:8.8
Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in OS Inputs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVE-2023-2460 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Extensions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
CVE-2023-2459 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Prompts. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Code Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-2468
- CVE-2023-2467
- CVE-2023-2466
- CVE-2023-2465
- CVE-2023-2464
- CVE-2023-2463
- CVE-2023-2462
- CVE-2023-2461
- CVE-2023-2460
- CVE-2023-2459
Affected Vendors
Affected Products
- Google Chrome 113.0
Remediation
Upgrade to the latest version of Chrome, available from the Google Chrome Releases Web site.