Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6bdm-sdkv-6fh9
Vulnerability ID VCID-6bdm-sdkv-6fh9
Aliases CVE-2023-6112
Summary Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution.
Status Published
Exploitability 0.5
Weighted Severity 0.2
Risk 0.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
ssvc Track http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
epss 0.22788 https://api.first.org/data/v1/epss?cve=CVE-2023-6112
ssvc Track https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
ssvc Track https://crbug.com/1499298
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/
ssvc Track https://security.gentoo.org/glsa/202311-11
ssvc Track https://security.gentoo.org/glsa/202312-07
ssvc Track https://security.gentoo.org/glsa/202401-34
ssvc Track https://www.debian.org/security/2023/dsa-5556
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-6112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6112
1499298 https://crbug.com/1499298
Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html
dsa-5556 https://www.debian.org/security/2023/dsa-5556
GLSA-202311-11 https://security.gentoo.org/glsa/202311-11
GLSA-202312-07 https://security.gentoo.org/glsa/202312-07
GLSA-202402-14 https://security.gentoo.org/glsa/202402-14
JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/
MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/
stable-channel-update-for-desktop_14.html https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/
No exploits are available.
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://crbug.com/1499298
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC/
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://security.gentoo.org/glsa/202311-11
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://security.gentoo.org/glsa/202312-07
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://security.gentoo.org/glsa/202401-34
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-11-22T05:00:13Z/ Found at https://www.debian.org/security/2023/dsa-5556
Exploit Prediction Scoring System (EPSS)
Percentile 0.95849
EPSS Score 0.22788
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:58:39.947576+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202402-14 38.0.0