Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Loading...
Loading...
Score 8.8 from GitHub Security Advisory (severity: HIGH) published 2023-08-15. NVD baseline CVSS 8.8; sources differ by 0.0.
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
August 15, 2023
June 17, 2026
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (3 GitHub PoCs). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
Network Security Project
Open source ↗poc
Open source ↗[漏洞复现] 全球首款单文件利用 CVE-2023-4357 Chrome XXE 漏洞 EXP, 实现对访客者本地文件窃取. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors.
Open source ↗Explore the affected products and dependency analysis for CVE-2023-4357
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
msrc
CWE-20