CVE-2023-3732
Chrome IPCZ FragmentDescriptors Missing Validation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Un acceso a memoria fuera de los límites en Mojo en Google Chrome anterior a la versión 115.0.5790.98 permitía a un atacante remoto que hubiera comprometido el proceso de renderizado explotar potencialmente la corrupción del montículo a través de una página HTML manipulada. (Gravedad de seguridad de Chromium: Alta)
Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-18 CVE Reserved
- 2023-07-20 CVE Published
- 2023-08-18 First Exploit
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/174223 | 2023-08-18 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html | 2024-01-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 115.0.5790.98 Search vendor "Google" for product "Chrome" and version " < 115.0.5790.98" | - |
Affected
| ||||||