CVE-2023-4368

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to bypass enterprise policies in Google Chrome by convincing users to install malicious extensions. It affects Chrome users with enterprise policies configured, particularly in managed environments. The attacker needs user interaction to install the malicious extension.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 116.0.5845.96
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with enterprise policies configured. Regular consumer Chrome installations are not vulnerable to policy bypass.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Enterprise security policies are completely bypassed, allowing malicious extensions to operate with elevated privileges and access restricted data or systems.

🟠 Likely Case

Targeted attacks against organizations where attackers use social engineering to install malicious extensions that bypass security controls.

🟢 If Mitigated

With proper extension management controls and user training, the risk is limited to isolated incidents that can be quickly contained.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to install malicious extension. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 116.0.5845.96 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html

Restart Required: Yes

Instructions:

1. Open the Chrome menu > Help > About Google Chrome.
2. Chrome will automatically check for updates.
3. If an update is available, click 'Relaunch' to apply it.
4. For enterprise deployments, push Chrome 116.0.5845.96 or later via management tools.

🔧 Temporary Workarounds

Disable extension installation (applies to: all)

Temporarily block all extension installations via enterprise policy:

  • For Windows GPO: Configure the 'ExtensionInstallBlocklist' policy to '*'
  • For macOS/Linux: Set ExtensionInstallBlocklist to * in policies.json

Restrict extension sources (applies to: all)

Only allow extensions from the Chrome Web Store:

  • Set the ExtensionInstallSources policy to only allow https://chrome.google.com/webstore/*

🧯 If You Can't Patch

  • Implement strict extension whitelisting policies
  • Deploy endpoint protection that monitors for suspicious extension activity
  • Educate users about risks of installing unknown extensions
  • Monitor for unusual extension installation events in logs

🔍 How to Verify

Check if Vulnerable:

Check the Chrome version: if the version is lower than 116.0.5845.96 and enterprise policies are configured, the system is vulnerable.

Check Version:

chrome://version/ or 'google-chrome --version' on command line

Verify Fix Applied:

Verify Chrome version is 116.0.5845.96 or higher and test that enterprise policies cannot be bypassed by test extensions.
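As an added example (not part of this advisory or of Chrome), a small Python checker that combines the version test above with the ExtensionInstallBlocklist workaround from the Temporary Workarounds section. It assumes the version string is the output of `google-chrome --version` (or chrome://version) and that the policy file is Chrome's JSON policy format; the sample inputs are constructed.

```python
import json
import re
from typing import Optional

# Fixed version from the advisory (CVE-2023-4368): 116.0.5845.96 and later.
FIXED_VERSION = (116, 0, 5845, 96)


def parse_chrome_version(output: str) -> Optional[tuple]:
    """Pull a 4-part version tuple out of `google-chrome --version` output
    (e.g. 'Google Chrome 115.0.5790.170') or a bare version string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", output)
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(version: tuple) -> bool:
    """Tuples compare component-wise, so 116.0.5845.110 >= 116.0.5845.96."""
    return version >= FIXED_VERSION


def blocklist_workaround_active(policies: dict) -> bool:
    """True when ExtensionInstallBlocklist contains '*' (all installs blocked)."""
    return "*" in policies.get("ExtensionInstallBlocklist", [])


def assess(version_output: str, policies_json: str) -> str:
    """Classify a host as 'unknown', 'unmanaged', 'patched',
    'vulnerable-mitigated' (blocklist workaround in place) or 'vulnerable'."""
    version = parse_chrome_version(version_output)
    policies = json.loads(policies_json)
    if version is None:
        return "unknown"
    if not policies:  # no enterprise policy configured -> nothing to bypass
        return "unmanaged"
    if is_patched(version):
        return "patched"
    if blocklist_workaround_active(policies):
        return "vulnerable-mitigated"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    SAMPLE_VERSION = "Google Chrome 115.0.5790.170"
    SAMPLE_POLICIES = '{"ExtensionInstallBlocklist": ["*"]}'
    print(assess(SAMPLE_VERSION, SAMPLE_POLICIES))  # vulnerable-mitigated
```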

📡 Detection & Monitoring

Log Indicators:

  • Unexpected extension installation events
  • Policy violation alerts in Chrome enterprise logs
  • Extensions with unusual permissions being installed

Network Indicators:

  • Downloads of extensions from non-Chrome Web Store sources
  • Unusual outbound connections from Chrome extension processes

SIEM Query:

source="chrome_enterprise" AND (event="extension_install" OR event="policy_violation")
