Vulnerability in Google Chrome

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

EPSS: 0.590 (98.3rd percentile).

Frequently asked questions

What is CVE-2023-4357?
CVE-2023-4357 is a vulnerability in Google Chrome. Published 2023-08-15.

Is CVE-2023-4357 known to be exploited?
44 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.