Vulnerability identifier: #VU79545

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-4357

CWE-ID: CWE-20

Exploitation vector: Network

Exploits in database: 2

• April 19, 2024
  • CVE-2023-4357-Chrome-XXE (全球首款单文件利用 CVE-2023-4357 Chrome XXE 漏洞 EXP, 实现对访客者本地文件窃取. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors.) [Github]
• December 18, 2023
  • CVE-2023-4357-APT-Style-exploitation (Apt style exploitation of Chrome 0day CVE-2023-4357) [Github]

Impact: Information disclosure

Vulnerable software:
Google Chromium
Client/Desktop applications / Web browsers

Vendor: