Search for vulnerabilities
Vulnerability details: VCID-4ar1-s35b-aaas
Vulnerability ID VCID-4ar1-s35b-aaas
Aliases CVE-2023-1820
Summary Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00408 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00420 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.00659 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
epss 0.01881 https://api.first.org/data/v1/epss?cve=CVE-2023-1820
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-1820
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-1820
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-1820
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html
https://crbug.com/1408120
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1812
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2313
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/
https://www.debian.org/security/2023/dsa-5386
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2023-1820 https://nvd.nist.gov/vuln/detail/CVE-2023-1820
GLSA-202309-17 https://security.gentoo.org/glsa/202309-17
USN-6021-1 https://usn.ubuntu.com/6021-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1820
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1820
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.73514
EPSS Score 0.00408
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.