Article - CS402981

Windchill Workgroup Manager and Google Chrome (CVE-2023-4863)

Modified: 02-Apr-2024   


Applies To

  • Windchill PDMLink 12.0.2.0 to 13.0.0.0
  • Windchill ProjectLink 12.0.2.0 to 13.0.0.0
  • Windchill Workgroup Manager 13.0.0.0 and earlier

Description

  • Is Windchill Workgroup Manager (WWGM)  impacted by the CVE-2023-4863 Heap buffer overflow in WebP Vulnerability reported for Chromium Embedded Framework
  • Windchill Workgroup Manager uses the Embedded Browser to interact with Windchill, which may use Chrome (Chromium Embedded Framework) in the following situations:
    • WWGM 12.1.0.0 and older with uwgmclient.ini setting windows.browser.type set to chromium_browser
    • WWGM 12.1.0.1+
  • Limited details are being made available from Google for this CVE
This is a printer-friendly version of Article 402981 and may be out of date. For the latest version click CS402981