CVE-2023-3420

一、漏洞信息
漏洞编号：CVE-2023-3420
漏洞归属组件：chromium
漏洞归属的版本：119.0.6045.159,128.0.6613.119,87.0.4280.141
CVSS V3.0分值：
BaseScore：8.8 High
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞简述：
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
漏洞公开时间：2023-06-27 05:15:09
漏洞创建时间：2023-06-26 21:34:29
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2023-3420

更多参考(点击展开)

参考来源	参考链接	来源链接
chrome-cve-admin.google.com	https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
chrome-cve-admin.google.com	https://crbug.com/1452137
chrome-cve-admin.google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/
chrome-cve-admin.google.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/
chrome-cve-admin.google.com	https://security.gentoo.org/glsa/202401-34
chrome-cve-admin.google.com	https://www.debian.org/security/2023/dsa-5440
redhat_bugzilla	https://code.google.com/p/chromium/issues/detail?id=1452137	https://bugzilla.redhat.com/show_bug.cgi?id=2217776
redhat_bugzilla	https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html	https://bugzilla.redhat.com/show_bug.cgi?id=2217776
debian
gentoo		https://security.gentoo.org/glsa/202401-34
cve_search		https://crbug.com/1452137
cve_search		https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
cve_search		https://www.debian.org/security/2023/dsa-5440
cve_search		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/
cve_search		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/
snyk	https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html	https://security.snyk.io/vuln/SNYK-UNMANAGED-CHROMIUM-5740621

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html		nvd
		https://crbug.com/1452137		nvd
		https://www.debian.org/security/2023/dsa-5440		nvd

二、漏洞分析结构反馈
影响性分析说明：

openEuler评分：
8.8
Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-20.03-LTS-SP1:
2.openEuler-20.03-LTS-SP3:
3.openEuler-22.03-LTS:
4.openEuler-22.03-LTS-SP1:
5.openEuler-22.03-LTS-SP2:
6.master(128.0.6613.119):
7.openEuler-22.03-LTS-SP4:
8.openEuler-20.03-LTS-SP4:
9.openEuler-22.03-LTS-SP3:
10.openEuler-24.03-LTS:
11.openEuler-24.03-LTS-Next:

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1:
2.openEuler-20.03-LTS-SP3:
3.openEuler-22.03-LTS:
4.openEuler-22.03-LTS-SP1:
5.openEuler-22.03-LTS-SP2:
6.master(128.0.6613.119):
7.openEuler-22.03-LTS-SP4:

原因说明：
1.master(128.0.6613.119):
2.openEuler-20.03-LTS-SP4:
3.openEuler-22.03-LTS-SP1:
4.openEuler-22.03-LTS-SP3:
5.openEuler-22.03-LTS-SP4:
6.openEuler-24.03-LTS:
7.openEuler-24.03-LTS-Next:
8.openEuler-24.03-LTS-SP1:

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2023-3420
https://ubuntu.com/security/CVE-2023-3420	None	None	https://discourse.ubuntu.com/c/ubuntu-pro
https://www.opencve.io/cve/CVE-2023-3420
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-3420
https://security-tracker.debian.org/tracker/CVE-2023-3420

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

该软件包当前在Factory工程下，未引入发布版本，暂时挂起

src-openEuler/chromium

内容风险标识

评论 (3)

src-openEuler/chromium .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2023-3420

评论 (3)

搜索帮助

src-openEuler/chromium