CVE-2023-4357

HIGH

Google Chrome <116.0.5845.96 - Auth Bypass

Exploitation Summary

EIP tracks 6 public exploits for CVE-2023-4357. PoCs published by xcanwin, lon5948, sunu11.

Description

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)

Exploits (6)

nomisec WORKING POC 227 stars
by xcanwin · poc
https://github.com/xcanwin/CVE-2023-4357-Chrome-XXE

This repository contains a functional exploit for CVE-2023-4357, a Chromium XXE vulnerability that allows local file theft via a single-file SVG payload. The exploit leverages a bypass in libxslt's handling of external entities when Chromium processes XSL stylesheets, enabling cross-domain file access.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Chrome/Chromium < 116.0.5845.96, Electron < 26.1.0, WeChat Mac < 3.8.5.17
No auth needed
Prerequisites: Victim must visit a malicious SVG file or XSS payload · Chromium-based browser with vulnerable version
devstral-2 · analyzed Feb 19, 2026

nomisec SUSPICIOUS 4 stars
by lon5948 · poc
https://github.com/lon5948/CVE-2023-4357-Exploitation

The repository lacks actual exploit code and only provides setup instructions with a generic web server script. It references an external GitHub repository for details, which is a common tactic in suspicious repos.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Google Chrome prior to 116.0.5845.96
No auth needed
Prerequisites: Chrome on Linux · Python3 for web server
devstral-2 · analyzed Feb 19, 2026

nomisec SUSPICIOUS 4 stars
by sunu11 · poc
https://github.com/sunu11/chrome-CVE-2023-4357

The repository contains a PHP script that decodes a base64 string, which appears to be an XML payload, but lacks clear technical details or functional exploit code for CVE-2023-4357. The README is minimal and does not provide any meaningful analysis or context.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Google Chrome (version not specified)
No auth needed
Prerequisites: None specified
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by CamillaFranceschini · poc
https://github.com/CamillaFranceschini/CVE-2023-4357

This repository contains a functional PoC for CVE-2023-4357, leveraging a malicious SVG file served via a local HTTP server to exploit a vulnerability in Chromium-based browsers. The script automates the launch of Chromium with the `--no-sandbox` flag to trigger the exploit.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Chromium-based browsers (e.g., Chrome, Edge)
No auth needed
Prerequisites: Local execution environment · Chromium-based browser binary · Python 3
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by WinnieZy · poc
https://github.com/WinnieZy/CVE-2023-4357

This repository contains a functional PoC for CVE-2023-4357, a Chrome XXE vulnerability allowing arbitrary file reads. The server.js file sets up an Express server to serve malicious SVG and XSL files, demonstrating the exploit.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Google Chrome (specific version not specified)
No auth needed
Prerequisites: Victim must visit a malicious URL or open a crafted SVG file
devstral-2 · analyzed Feb 19, 2026

nomisec TROJAN
by passwa11 · poc
https://github.com/passwa11/CVE-2023-4357-APT-Style-exploitation

The repository claims to exploit CVE-2023-4357 but contains deceptive PHP code designed to steal SSH keys and system information via XXE and XSLT attacks, unrelated to the stated Chrome vulnerability.

Classification: Trojan 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: Unspecified (deceptive)
No auth needed
Prerequisites: Victim interaction with malicious PHP page
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 8.8
EPSS: 0.4591
EPSS Percentile: 98.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-20
Status: published
Products (4):
debian/debian_linux 11.0
debian/debian_linux 12.0
fedoraproject/fedora 38
google/chrome < 116.0.5845.96
Published: Aug 15, 2023
Tracked Since: Feb 18, 2026