Password Exfiltration Vulnerability in Epiphany Browser by GNOME
CVE-2023-26081

7.5HIGH

Key Information:

Vendor: Gnome
Status: Epiphany
Vendor: CVE Published:; 20 February 2023

Summary

In Epiphany (also known as GNOME Web) version 43.0, a security flaw exists where untrusted web content can manipulate the autofill feature, causing users' passwords to be inadvertently exfiltrated from sandboxed contexts. This vulnerability highlights the risks associated with autofill mechanisms when interacting with potentially malicious websites.

References

https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/...

https://github.com/google/security-research/security/advi...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 20, 2023
Vulnerability Reserved
Feb 20, 2023