CVE-2023-4357
📋 TL;DR
This vulnerability in Google Chrome allows attackers to bypass file access restrictions through malicious XML input in crafted HTML pages. It affects Chrome users on all platforms who haven't updated to version 116.0.5845.96 or later. Attackers can potentially access local files they shouldn't be able to reach.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Complete file system access leading to data theft, credential harvesting, or malware deployment through file writes.
Likely Case
Limited file access to user-accessible directories, potentially exposing sensitive documents or browser data.
If Mitigated
No impact if Chrome is fully patched or if XML parsing is disabled via enterprise policies.
🎯 Exploit Status
Requires user to visit malicious website but no authentication needed. No public exploit code identified in references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 116.0.5845.96 and later
Vendor Advisory: https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' when prompted.
For enterprise: Deploy Chrome 116.0.5845.96+ via your management system.
🔧 Temporary Workarounds
Disable XML parsing via enterprise policy
Platform: all
Prevents Chrome from processing XML content that could trigger the vulnerability
Set Chrome policy: 'DefaultPluginsSetting' = 2 (Block plugins)
Use site isolation
Platform: all
Enable site isolation to limit impact of potential exploitation
Navigate to chrome://flags/#enable-site-per-process and enable
🧯 If You Can't Patch
- Use alternative browser until Chrome can be updated
- Implement network filtering to block known malicious sites and restrict XML content
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If below 116.0.5845.96, you are vulnerable.
Check Version:
chrome://version/ or 'google-chrome --version' on Linux/macOS
Verify Fix Applied:
Confirm Chrome version is 116.0.5845.96 or higher after update.
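The version check above can be scripted over `--version` output collected from many hosts. This is an added example, not part of the original advisory: the function names are hypothetical and the sample lines are constructed. It compares each dotted component numerically, because a plain string comparison would rank 99.x above 116.x.

```shell
#!/bin/sh
# Fixed build named on this page.
FIXED="116.0.5845.96"

# Pull the first four-part dotted version out of a "--version" style line.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Succeed (exit 0) when version $1 >= version $2, component by component.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "patched", "vulnerable", or "unknown" for one line of output.
chrome_status() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_ge "$ver" "$FIXED"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Constructed sample input: one collected "--version" line per host.
while IFS= read -r line; do
    printf '%-11s %s\n' "$(chrome_status "$line")" "$line"
done <<'EOF'
Google Chrome 116.0.5845.96
Google Chrome 115.0.5790.170
Google Chrome 99.0.4844.84
Chromium 120.0.6099.109 snap
google-chrome: command not found
EOF
```

Lines reported as "unknown" carried no parseable version and need a manual check rather than being treated as patched.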
📡 Detection & Monitoring
Log Indicators:
- Unusual file access attempts from Chrome process
- XML parsing errors in Chrome logs
Network Indicators:
- Requests to unusual local file paths from web content
- XML content loading from untrusted sources
SIEM Query:
process_name:"chrome.exe" AND (file_access:"file://" OR xml_parse_error)
🔗 References
- https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html
- https://crbug.com/1458911
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/
- https://security.gentoo.org/glsa/202401-34
- https://www.debian.org/security/2023/dsa-5479