CVE-2023-2935
published 2023-05-30
CVE-2023-2935: Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page…
Priority P2 62 · high · 8.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 23.86% (97.5th percentile)
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 114.0.5735.90-2~deb11u1 | 114.0.5735.90-2~deb11u1 |
| chromium | chromium | >= 0 < 114.0.5735.90-2~deb12u1 | 114.0.5735.90-2~deb12u1 |
| chromium | chromium | >= 0 < 114.0.5735.90-1 | 114.0.5735.90-1 |
| chromium | chromium | >= 0 < 114.0.5735.90-1 | 114.0.5735.90-1 |
| debian | chromium | < chromium 114.0.5735.90-2~deb12u1 (bookworm) | chromium 114.0.5735.90-2~deb12u1 (bookworm) |
| | chrome | < 114.0.5735.90 | 114.0.5735.90 |
| | chrome | >= 114.0.5735.90 < 114.0.5735.90 | 114.0.5735.90 |
| | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability is a Type Confusion in V8 JavaScript engine, exploitable via a crafted HTML page delivered remotely — monitor for suspicious or anomalous JavaScript execution in Chrome/Edge renderer processes
- Reported internally by Google Project Zero (Sergei Glazunov) with Chromium bug ID 1443452 — no public PoC referenced, but bug tracker entry may contain reproduction details
- Fix is included in Chrome stable channel 114.0.5735.90 and above; versions prior to this are vulnerable across Windows, Mac, and Linux desktop platforms
- Debian packages are patched: bookworm fixed in 114.0.5735.90-2~deb12u1, bullseye fixed in 114.0.5735.90-2~deb11u1, sid/trixie/forky fixed in 114.0.5735.90-1
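CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_msrc | | 8.8 | HIGH | |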
GHSA
GHSA-5ccq-3h49-vjp2: Type Confusion in V8 in Google Chrome prior to 114
ghsa_unreviewed·2023-05-31
CVE-2023-2935 [HIGH] CWE-843 GHSA-5ccq-3h49-vjp2: Type Confusion in V8 in Google Chrome prior to 114
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
OSV
CVE-2023-2935: Type Confusion in V8 in Google Chrome prior to 114
osv·2023-05-30·CVSS 8.8
CVE-2023-2935 [HIGH] CVE-2023-2935: Type Confusion in V8 in Google Chrome prior to 114
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-2935
vendor_chrome·2023-06-21·CVSS 8.8
CVE-2023-2935 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2023-2935
Long Term Support Channel Update for ChromeOS
CVE-2023-2935
Microsoft
Chromium: CVE-2023-2935 Type Confusion in V8
vendor_msrc·2023-06-13·CVSS 8.8
CVE-2023-2935 [HIGH] Chromium: CVE-2023-2935 Type Confusion in V8
Chromium: CVE-2023-2935 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 114.0.1823.37 | 6/2/2023 | 114.0.5735.90/91 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your
Chrome
Stable Channel Update for Desktop: CVE-2023-2934
vendor_chrome·2023-05-30·CVSS 8.8
CVE-2023-2934 [HIGH] Stable Channel Update for Desktop: CVE-2023-2934
Stable Channel Update for Desktop
- CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-04-01
- [$NA][1440695] High CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-27
- [$NA][1443452] High CVE-2023-2936: Type Confusion in V8
Severity: high
Debian
CVE-2023-2935: chromium - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote at...
vendor_debian·2023·CVSS 8.8
CVE-2023-2935 [HIGH] CVE-2023-2935: chromium - Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote at...
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1)
forky: resolved (fixed in 114.0.5735.90-1)
sid: resolved (fixed in 114.0.5735.90-1)
trixie: resolved (fixed in 114.0.5735.90-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/173196/Chrome-v8-internal-Object-SetPropertyWithAccessor-Type-Confusion.html
- https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_30.html
- https://crbug.com/1440695
- https://security.gentoo.org/glsa/202311-11
- https://security.gentoo.org/glsa/202401-34
- https://www.debian.org/security/2023/dsa-5418

Published: 2023-05-30