CVE-2023-1235: Type Confusion in Google Chrome

CWE-843: Type Confusion | 9 documents | 8 sources
Severity: 6.3 MEDIUM (NVD), 8.8 (OSV)
EPSS: 0.2% (top 58.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 7
Latest update: Mar 15

Description

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Exploitability: 2.8 | Impact: 3.4

Affected Packages (6 packages)

CVEListV5 | google/chrome | 111.0.5563.64 | 111.0.5563.64
NVD | google/chrome | < 111.0.5563.64
debian | debian/chromium | < chromium 111.0.5563.64-1 (bookworm)
Debian | chromium/chromium | < 111.0.5563.64-1~deb11u1+3

🔴 Vulnerability Details (3)

OSV: chromium-browser vulnerabilities (2023-03-13)
GHSA: GHSA-fqrq-3g7c-chvf: Type confusion in DevTools in Google Chrome prior to 111 (2023-03-08)
OSV: CVE-2023-1235: Type confusion in DevTools in Google Chrome prior to 111 (2023-03-07)

📋 Vendor Advisories (4)

Microsoft: Chromium: CVE-2023-1235 Type Confusion in DevTools (2023-03-14)
Ubuntu: Chromium vulnerabilities (2023-03-13)
Chrome: Stable Channel Update for Desktop: CVE-2023-1233 (2023-03-07)
Debian: CVE-2023-1235: chromium - Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a rem... (2023)

💬 Community (1)

Bugzilla: CVE-2023-3966 openvswsitch: ovs-vswitch fails to recover after malformed geneve metadata packet (2023-03-15)