CVE-2023-4357
Description
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
NVD
Severity: HIGH
CVE ID: CVE-2023-4357
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Proof Of Concept
xcanwin
The world's first single-file EXP for the CVE-2023-4357 Chrome XXE vulnerability, enabling theft of visitors' local files. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors.
Reference: GitHub
OgulcanUnveren
APT-style exploitation of Chrome 0day CVE-2023-4357
Reference: GitHub
passwa11
Reference: GitHub
sunu11
poc
Reference: GitHub
WinnieZy
Reference: GitHub