CVE-2023-4762
In short
A type confusion bug in Chrome's V8 engine allowed attackers to run malicious code by tricking the browser into misidentifying data types. This could let criminals take control of your computer through a specially crafted webpage.
Technical detail
Type confusion vulnerability in V8 allows remote code execution when an attacker provides a crafted HTML page that causes the engine to misinterpret object types, bypassing type safety mechanisms. Exploitation requires user interaction (visiting a malicious page) but results in arbitrary code execution with browser privileges.
Summary generated and translated by AI from the official description.
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 2
github.com/buptsb/CVE-2023-4762 (★ 24)
github.com/sherlocksecurity/CVE-2023-4762-Code-Review (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
https://crbug.com/1473247
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4762
https://security.gentoo.org/glsa/202311-11
https://security.gentoo.org/glsa/202312-07
https://security.gentoo.org/glsa/202401-34
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-4762
https://www.debian.org/security/2023/dsa-5491