CVE-2023-3420
CVE-2023-3420
In short
A type confusion vulnerability in Chrome's V8 engine allowed attackers to create specially crafted web pages that could corrupt memory on your computer. This is dangerous because it could lead to crashes or potentially allow attackers to run malicious code.
Technical detail
Type confusion vulnerability in V8 (CWE-843) affecting Chrome versions prior to 114.0.5735.198, exploitable via crafted HTML delivered through normal web browsing. The flaw allows an attacker to manipulate object type interpretation, leading to heap corruption that could result in arbitrary code execution or denial of service.
Summary generated and translated by AI from the official description.
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.htmlhttps://crbug.com/1452137https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/https://security.gentoo.org/glsa/202401-34https://www.debian.org/security/2023/dsa-5440