CVE-2023-0129

CVSS V2 None CVSS V3 None
Description
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
Overview
  • CVE ID
  • CVE-2023-0129
  • Assigner
  • chrome-cve-admin@google.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-01-10T20:15:10
  • Last Modified Date
  • 2023-05-03T12:16:43
Weakness Enumerations
CWE URL
CWE-787 http://cwe.mitre.org/data/definitions/787.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 1 OR 109.0.5414.74
References
Reference URL Reference Tags
https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html Release Notes Vendor Advisory
https://crbug.com/1382033 Permissions Required
https://security.gentoo.org/glsa/202305-10
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-0129
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0129
History
Created Old Value New Value Data Type Notes
2023-01-10 21:18:28 Added to TrackCVE
2023-01-12 05:16:36 2023-01-11T15:09:58 CVE Modified Date updated
2023-01-12 05:16:36 Received Awaiting Analysis Vulnerability Status updated
2023-01-13 05:14:57 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-13 15:15:16 2023-01-13T15:02:04 CVE Modified Date updated
2023-01-13 15:15:16 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-13 15:15:17 Weakness Enumeration new
2023-01-13 15:15:18 CPE Information updated
2023-05-03 13:03:14 2023-05-03T12:16:43 CVE Modified Date updated
2023-05-03 13:03:14 Analyzed Modified Vulnerability Status updated
2023-05-03 13:03:22 References updated