⚠ Actively exploited
Added to CISA KEV on 2023-06-07. Federal agencies required to patch by 2023-06-28. Required action: Apply updates per vendor instructions..

CVE-2023-3079

CWE-8439 documents9 sources
Severity
8.8HIGH
EPSS
2.0%
top 16.14%
CISA KEV
KEV
Added 2023-06-07
Due 2023-06-28
Exploit
Exploited in wild
Active exploitation observed
Affected products
4
Google ChromeCouchbase Couchbase ServerDebian Debian Linux+1 more
Timeline
PublishedJun 5
KEV addedJun 7
Latest updateJun 21
KEV dueJun 28
CISA Required Action: Apply updates per vendor instructions.

Description

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/chrome114.0.5735.110114.0.5735.110
NVDgoogle/chrome< 114.0.5735.110
Debianchromium< 114.0.5735.106-1~deb11u1+3

Also affects: Debian Linux 11.0, 12.0, Fedora 37, 38

🔴Vulnerability Details

4
GHSA
GHSA-8mwf-hvfp-6xfg: Type confusion in V8 in Google Chrome prior to 1142023-06-06
OSV
CVE-2023-3079: Type confusion in V8 in Google Chrome prior to 1142023-06-05
CVEList
CVE-2023-3079: Type confusion in V8 in Google Chrome prior to 1142023-06-05
VulnCheck
Google Chromium V8 Type Confusion Vulnerability2023

📋Vendor Advisories

4
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-30792023-06-21
Microsoft
Chromium: CVE-2023-3079 Type Confusion in V82023-06-13
CISA
Google Chromium V8 Type Confusion Vulnerability2023-06-07
Debian
CVE-2023-3079: chromium - Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote a...2023