Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-3740 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Themes. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3738 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Autofill component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3737 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Notifications component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3736 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Custom Tabs component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3735 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Web API Permission Prompts component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3734 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the Picture In Picture component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3732 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory access in Mojo. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-3730 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Tab Groups. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-3728 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRTC. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

CVE-2023-3733 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in the WebApp Installs component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.

CVE-2023-3727 CVSS:8.8

Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WebRTC. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.

Impact

• Security Bypass
• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-3740
• CVE-2023-3738
• CVE-2023-3737
• CVE-2023-3736
• CVE-2023-3735
• CVE-2023-3734
• CVE-2023-3732
• CVE-2023-3730
• CVE-2023-3728
• CVE-2023-3733
• CVE-2023-3727

Affected Vendors

Google

Affected Products

• Google Chrome 115.0

Remediation

Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.

Google Chrome Releases Website