Unrated severityNVD Advisory· Published May 30, 2023· Updated May 5, 2025
CVE-2023-2939
CVE-2023-2939
Description
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
Affected products
4- osv-coords3 versionspkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP4
< 114.0.5735.106-bp154.2.90.1+ 2 more
- (no CPE)range: < 114.0.5735.106-bp154.2.90.1
- (no CPE)range: < 114.0.5735.90-1.1
- (no CPE)range: < 114.0.5735.106-bp154.2.90.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.