⚠ Actively exploited
Added to CISA KEV on 2023-04-17. Federal agencies required to patch by 2023-05-08. Required action: Apply updates per vendor instructions.

CVE-2023-2033

CWE-843 | 11 documents | 10 sources
Severity: 8.8 HIGH
EPSS: 23.3% (top 4.05%)
CISA KEV: Added 2023-04-17, due 2023-05-08
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Apr 14
KEV added: Apr 17
Latest update: Apr 27
KEV due: May 8
CISA Required Action: Apply updates per vendor instructions.

Description

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (4 packages)

CVEListV5 | google/chrome | 112.0.5615.121 | 112.0.5615.121
NVD | google/chrome | < 112.0.5615.121
Debian | chromium | < 112.0.5615.121-1~deb11u1 | +3

Also affects: Debian Linux 11.0, Fedora 36, 37, 38

🔴 Vulnerability Details (4)

GHSA
GHSA-5gxv-52gp-vmhp: Type confusion in V8 in Google Chrome prior to 112 | 2023-04-14
OSV
CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112 | 2023-04-14
CVEList
CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112 | 2023-04-14
VulnCheck
Google Chromium V8 Type Confusion Vulnerability | 2023

📋 Vendor Advisories (4)

Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-2033 | 2023-04-27
CISA
Google Chromium V8 Type Confusion Vulnerability | 2023-04-17
Microsoft
Chromium: CVE-2023-2033 Type Confusion in V8 | 2023-04-11
Debian
CVE-2023-2033: chromium - Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote a... | 2023

🕵️ Threat Intelligence (2)

Sentinelone
CVE-2023-2033: Google Chrome Patch Addresses Zero-day Vulnerability | 2023-04-24
Sentinelone
CVE-2023-2033: Google Chrome Patch Addresses Zero-day Vulnerability | 2023-04-24