Article - CS407241
Google Chrome browser's multiple CVEs - Impact on PTC products
Modified: 04-Jan-2024
Applies To
- Creo+
- Creo Parametric 3.0 M010 to 10.0
- Creo Simulate 3.0 M010 to 7.0
- Creo Direct 3.0 M010 to 7.0
- Creo Layout 3.0 M010 to 7.0
- Creo View Adapters 8.0 to 10.0
- Creo View 8.0 to 10.0
- Creo Illustrate 8.0 to 10.0
- Windchill PDMLink 12.0.2.0 to 13.0.0.0
- Windchill ProjectLink 12.0.2.0 to 13.0.0.0
- Windchill Workgroup Manager 13.0.0.1 and earlier
- ThingWorx Navigate 9.3.0 to 9.3.11
- ThingWorx Navigate 9.4.0 F000
Description
- CVE-2023-4863
  - CVSS 3.1 Score: 8.8 High
  - CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  - CWE: Out-of-bounds Write, CWE-787
  - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-5217
  - CVSS 3.1 Score: 8.8 High
  - CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  - CWE: Out-of-bounds Write, CWE-787
  - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-5218
  - CVSS 3.1 Score: 8.8 High
  - CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  - CWE: Use After Free, CWE-416
  - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-5996
  - CVSS 3.1 Score: 8.8 High
  - CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  - CWE: Use After Free, CWE-416
  - Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Note that PTC has no indication, nor has it been made aware, that any of these vulnerabilities have been or are being exploited