CVE-2023-4762
Google Chromium V8 Type Confusion Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Type Confusion en V8 en Google Chrome anterior a 116.0.5845.179 permitía a un atacante remoto ejecutar código arbitrario a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta)
Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2023-09-04 CVE Reserved
- 2023-09-05 CVE Published
- 2023-09-27 First Exploit
- 2024-02-06 Exploited in Wild
- 2024-02-27 KEV Due Date
- 2025-02-13 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC | Mailing List |
|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT | Mailing List |
|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 | Mailing List |
|
| https://security.gentoo.org/glsa/202311-11 | Third Party Advisory |
|
| https://security.gentoo.org/glsa/202312-07 | Third Party Advisory |
|
| https://security.gentoo.org/glsa/202401-34 | Third Party Advisory |
|
| https://www.debian.org/security/2023/dsa-5491 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/buptsb/CVE-2023-4762 | 2023-09-27 | |
| https://github.com/sherlocksecurity/CVE-2023-4762-Code-Review | 2023-09-27 |
| URL | Date | SRC |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762 | 2024-07-03 |
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html | 2024-07-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 116.0.5845.179 Search vendor "Google" for product "Chrome" and version " < 116.0.5845.179" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Edge Chromium Search vendor "Microsoft" for product "Edge Chromium" | < 116.0.1938.76 Search vendor "Microsoft" for product "Edge Chromium" and version " < 116.0.1938.76" | - |
Affected
| ||||||