Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)

Related CVEs

CVE-2023-0135

Key Information

GHSA ID

GHSA-3rq8-3g2v-4r35

Published

January 10, 2023 9:30 PM

Last Modified

January 13, 2023 3:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 24, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.