CVE-2023-7024

CVSS 8.8 HIGH · EPSS 7.4% · KEV · CWE-787
Vexday Risk Score
71 · High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 7.4% · KEV yes · Public PoC · Nuclei · Metasploit · Patch
Lifecycle
21 Dec 2023: Published on NVD
02 Jan 2024: Active exploitation (CISA KEV)
07 Nov 2025: Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Google Chrome's WebRTC feature allows attackers to corrupt memory through a specially crafted webpage, potentially crashing your browser or enabling more serious attacks.

Technical detail

Heap buffer overflow in the WebRTC component allows remote code execution or denial of service via crafted HTML. The attack requires user interaction (visiting a malicious page); it impacts memory integrity and carries sandbox bypass potential.

Summary generated and translated by AI from the official description.
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
