CVE-2023-6702
CVE-2023-6702
In short
A type confusion bug in Chrome's V8 engine allows attackers to send a specially crafted webpage that causes memory corruption, potentially letting them execute harmful code on your computer.
Technical detail
Type confusion vulnerability in V8 allows remote code execution through heap corruption. Attack vector: malicious HTML page delivered to victim; requires user interaction (page visit); impact includes arbitrary code execution with renderer process privileges.
Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.htmlhttps://crbug.com/1501326https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6NWZ23ZJ62XKWVNGHSIZQYILVJWH5BLI/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGJ732QHS2FAYF62RFF3YP4VIQY75K7V/https://security.gentoo.org/glsa/202401-34