CVE-2023-3217
published 2023-06-13CVE-2023-3217: Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page…
PriorityP358high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
13.31%
95.9th percentile
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 114.0.5735.133-1~deb11u1 | 114.0.5735.133-1~deb11u1 |
| chromium | chromium | >= 0 < 114.0.5735.133-1~deb12u1 | 114.0.5735.133-1~deb12u1 |
| chromium | chromium | >= 0 < 114.0.5735.133-1 | 114.0.5735.133-1 |
| chromium | chromium | >= 0 < 114.0.5735.133-1 | 114.0.5735.133-1 |
| debian | chromium | < chromium 114.0.5735.133-1~deb12u1 (bookworm) | chromium 114.0.5735.133-1~deb12u1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| chrome | < 114.0.5735.133 | 114.0.5735.133 | |
| chrome | >= 114.0.5735.133 < 114.0.5735.133 | 114.0.5735.133 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via a crafted HTML page exploiting a use-after-free in the WebXR component of Chromium-based browsers; monitor for suspicious WebXR API usage in browser telemetry. ↗
- →Attack is remotely initiated and requires no local access; heap corruption exploitation via WebXR suggests monitoring for renderer process crashes or heap spray patterns in Chrome/Edge processes. ↗
- ·Fixed in Google Chrome 114.0.5735.133; any Chrome installation below this version is vulnerable. ↗
- ·Debian packages are also affected; fixed versions are available for bookworm, bullseye, forky, sid, and trixie. ↗
- ·Vulnerability was reported by Sergei Glazunov of Google Project Zero on 2023-06-01, indicating it was discovered by a reputable researcher and may have been under coordinated disclosure. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2023-3217: Use after free in WebXR in Google Chrome prior to 114
osv·2023-06-13·CVSS 8.8
CVE-2023-3217 [HIGH] CVE-2023-3217: Use after free in WebXR in Google Chrome prior to 114
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GHSA
GHSA-2rpx-x37c-9w5p: Use after free in WebXR in Google Chrome prior to 114
ghsa_unreviewed·2023-06-13
CVE-2023-3217 [HIGH] CWE-416 GHSA-2rpx-x37c-9w5p: Use after free in WebXR in Google Chrome prior to 114
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Microsoft
Chromium: CVE-2023-3217 Use after free in WebXR
vendor_msrc·2023-06-13·CVSS 8.8
CVE-2023-3217 [HIGH] Chromium: CVE-2023-3217 Use after free in WebXR
Chromium: CVE-2023-3217 Use after free in WebXR
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ: What
Chrome
Stable Channel Update for Desktop: CVE-2023-3217
vendor_chrome·2023-06-13·CVSS 8.8
CVE-2023-3217 [HIGH] Stable Channel Update for Desktop: CVE-2023-3217
Stable Channel Update for Desktop
CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01 We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
Debian
CVE-2023-3217: chromium - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remot...
vendor_debian·2023·CVSS 8.8
CVE-2023-3217 [HIGH] CVE-2023-3217: chromium - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remot...
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.133-1~deb12u1)
bullseye: resolved (fixed in 114.0.5735.133-1~deb11u1)
forky: resolved (fixed in 114.0.5735.133-1)
sid: resolved (fixed in 114.0.5735.133-1)
trixie: resolved (fixed in 114.0.5735.133-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.htmlhttps://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.htmlhttps://crbug.com/1450601https://lists.fedoraproject.org/archives/list/[email protected]/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/https://lists.fedoraproject.org/archives/list/[email protected]/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/https://security.gentoo.org/glsa/202311-11https://security.gentoo.org/glsa/202401-34https://www.debian.org/security/2023/dsa-5428http://packetstormsecurity.com/files/173495/Chrome-device-OpenXrApiWrapper-InitSession-Heap-Use-After-Free.htmlhttps://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.htmlhttps://crbug.com/1450601https://lists.fedoraproject.org/archives/list/[email protected]/message/JEH75UOM7FAXDUPC37YHP7ONL2HSDIJR/https://lists.fedoraproject.org/archives/list/[email protected]/message/O362DC3ZCFRXVHOXMPIL73YOWABQEUYD/https://security.gentoo.org/glsa/202311-11https://security.gentoo.org/glsa/202401-34https://www.debian.org/security/2023/dsa-5428
2023-06-13
Published