CVE-2023-4357

Description

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

NVD
Severity: HIGH
CVE ID: CVE-2023-4357
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

xcanwin

The world's first single-file exploit (EXP) for the CVE-2023-4357 Chrome XXE vulnerability, enabling theft of visitors' local files. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors.

Reference: GitHub

OgulcanUnveren

APT-style exploitation of Chrome 0day CVE-2023-4357

Reference: GitHub

passwa11

Reference: GitHub

sunu11

poc

Reference: GitHub

WinnieZy

Reference: GitHub