Search for vulnerabilities
Vulnerability details: VCID-x49f-3wc1-aaaa
Vulnerability ID VCID-x49f-3wc1-aaaa
Aliases CVE-2023-6706
Summary Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00211 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00426 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.00754 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
epss 0.02189 https://api.first.org/data/v1/epss?cve=CVE-2023-6706
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-6706
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-6706
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-6706
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
https://crbug.com/1500921
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6707
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
CVE-2023-6706 https://nvd.nist.gov/vuln/detail/CVE-2023-6706
GLSA-202401-34 https://security.gentoo.org/glsa/202401-34
GLSA-202402-14 https://security.gentoo.org/glsa/202402-14
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6706
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6706
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.35958
EPSS Score 0.00082
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-01-03T17:14:53.399963+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2023-6706 34.0.0rc1