CVE-2023-2033

CVSS 8.8 HIGHEPSS 40.8%● KEVCWE-843

In short

A type confusion bug in Chrome's V8 engine allows attackers to corrupt heap memory through a specially crafted webpage, potentially leading to code execution or browser crashes.

Technical detail

Type confusion vulnerability in V8 (CWE-843) enables remote code execution via heap corruption when processing malicious HTML. Requires user to visit a crafted webpage; no authentication needed. Impacts confidentiality, integrity, and availability of the browser process.

Summary generated and translated by AI from the official description.

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

public PoCs found — 5

githubgithub.com/mistymntncop/CVE-2023-2033★ 64 githubgithub.com/sandumjacob/CVE-2023-2033-Analysis★ 19 githubgithub.com/insoxin/CVE-2023-2033★ 4 githubgithub.com/gretchenfrage/CVE-2023-2033-analysis★ 0 githubgithub.com/tianstcht/CVE-2023-2033★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References