CVE-2023-7282

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 23, 2024
Updated: Sep 26, 2024
CWE ID 451

Summary

CVE-2023-7282 is a vulnerability in Google Chrome versions prior to 113.0.5672.63, which allows remote attackers to perform domain spoofing by convincing users to engage in specific UI gestures on a crafted HTML page. The affected products include various builds of Google Chrome, potentially impacting a wide range of users and organizations using this browser version. Remediation involves updating Google Chrome to the latest version to mitigate the risk associated with this vulnerability. The exploit requires user interaction and has a medium severity rating with an exploitability score of 2.8, indicating that while the integrity impact is low, the potential for malicious actors to deceive users poses significant risks for security and data confidentiality within organizations. This vulnerability falls under the category of user interface misrepresentation, specifically classified as CWE-451.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share