VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-rk86-xvhb-j7gv

Essentials
Severities (24)
References (33)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rk86-xvhb-j7gv
Aliases	CVE-2023-4367
Summary	Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2023-4367
ssvc	Track	https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
ssvc	Track	https://crbug.com/1467743
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-4367
ssvc	Track	https://security.gentoo.org/glsa/202401-34
ssvc	Track	https://www.debian.org/security/2023/dsa-5479

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-4367
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2312
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4349
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4350
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4351
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4352
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4353
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4354
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4355
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4356
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4357
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4358
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4360
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4361
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4362
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4363
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4364
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4365
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4366
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4367
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4368
		https://security.gentoo.org/glsa/202401-34
1467743		https://crbug.com/1467743
2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:debian:debian_linux:12.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
CVE-2023-4367		https://nvd.nist.gov/vuln/detail/CVE-2023-4367
dsa-5479		https://www.debian.org/security/2023/dsa-5479
OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
stable-channel-update-for-desktop_15.html		https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

No exploits are available.

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:36:39Z/ Found at https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:36:39Z/ Found at https://crbug.com/1467743

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:36:39Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-4367

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:36:39Z/ Found at https://security.gentoo.org/glsa/202401-34

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:36:39Z/ Found at https://www.debian.org/security/2023/dsa-5479

Exploit Prediction Scoring System (EPSS)

Percentile	0.18228
EPSS Score	0.00058
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:38:05.931958+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/4xxx/CVE-2023-4367.json	37.0.0