QwikSec

Security Database

CVE

CWE

Training

CVE-2023-4078

Published: Aug 3, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor	Product	Versions
Google	Chrome	affected `115.0.5790.170 - < 115.0.5790.170`

References

https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html

https://crbug.com/1461895

https://www.debian.org/security/2023/dsa-5467

https://lists.fedoraproject.org/archives/list/[email protected]/message/PQKT7EGDD2P3L7S3NXEDDRCPK4NNZNWJ/

https://security.gentoo.org/glsa/202311-11

https://security.gentoo.org/glsa/202312-07

https://security.gentoo.org/glsa/202401-34

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.