VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qekv-m7zq-f7c2

Essentials
Severities (30)
References (32)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qekv-m7zq-f7c2
Aliases	CVE-2023-4362
Summary	Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Status	Published
Exploitability	0.5
Weighted Severity	7.9
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-787

Out-of-bounds Write

System	Score	Found at
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
epss	0.24421	https://api.first.org/data/v1/epss?cve=CVE-2023-4362
ssvc	Track	https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
ssvc	Track	https://crbug.com/1316379
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-4362
ssvc	Track	https://security.gentoo.org/glsa/202401-34
ssvc	Track	https://www.debian.org/security/2023/dsa-5479

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-4362
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2312
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4349
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4350
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4351
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4352
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4353
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4354
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4355
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4356
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4357
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4358
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4360
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4361
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4362
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4363
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4364
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4366
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4367
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4368
		https://security.gentoo.org/glsa/202401-34
1316379		https://crbug.com/1316379
2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
CVE-2023-4362		https://nvd.nist.gov/vuln/detail/CVE-2023-4362
dsa-5479		https://www.debian.org/security/2023/dsa-5479
OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
stable-channel-update-for-desktop_15.html		https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

No exploits are available.

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-01T20:19:25Z/ Found at https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-01T20:19:25Z/ Found at https://crbug.com/1316379

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-01T20:19:25Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4362

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-01T20:19:25Z/ Found at https://security.gentoo.org/glsa/202401-34

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-01T20:19:25Z/ Found at https://www.debian.org/security/2023/dsa-5479

Exploit Prediction Scoring System (EPSS)

Percentile	0.95869
EPSS Score	0.24421
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:37:54.241765+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/4xxx/CVE-2023-4362.json	37.0.0