CVE-2023-3420
published 2023-06-26
CVE-2023-3420: Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page…
Priority: P267 · high · CVSS 3.1: 8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 56.19% (98.9th percentile)
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 114.0.5735.198-1~deb11u1 | 114.0.5735.198-1~deb11u1 |
| chromium | chromium | >= 0 < 114.0.5735.198-1~deb12u1 | 114.0.5735.198-1~deb12u1 |
| chromium | chromium | >= 0 < 114.0.5735.198-1 | 114.0.5735.198-1 |
| chromium | chromium | >= 0 < 114.0.5735.198-1 | 114.0.5735.198-1 |
| debian | chromium | < chromium 114.0.5735.198-1~deb12u1 (bookworm) | chromium 114.0.5735.198-1~deb12u1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| — | chrome | < 114.0.5735.198 | 114.0.5735.198 |
| — | chrome | >= 114.0.5735.198 < 114.0.5735.198 | 114.0.5735.198 |
| — | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts targeting WeChat's vulnerable XWalk browser by hunting for HTTP requests containing the MMWEBID/2247 token in the User-Agent string, which identifies the impacted custom browser component.
- The exploit is triggered via a one-click URL in a WeChat message; monitor for WeChat process (com.tencent.mm) spawning unexpected child processes or loading remote JavaScript payloads via XWalk.
- On Android devices, look for the presence of the vulnerable library at /data/data/com.tencent.mm/app_xwalk_4433/extracted_xwalkcore/libxwebcore.so, which contains an outdated V8 version (8.6.365.13) susceptible to CVE-2023-3420.
- Flag User-Agent strings containing both XWEB/4433 and MMWEBID/2247 in web server or proxy logs as indicative of the vulnerable WeChat XWalk component making outbound requests.
- The embedded V8 version in WeChat's XWalk (8.6.365.13, released Oct. 12, 2020) is far older than the V8 version (11.4.183.19) for which the CVE-2023-3420 PoC analysis was published, meaning the vulnerability surface may differ slightly from published exploit details.
- App auto-update does not reliably deliver the patched XWalk component; manual verification of the XWalk version on the device is required to confirm remediation.
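The User-Agent hunt from the list above, as an added example (not code from Talos, Trend Micro or this tracker): it parses combined-format access log lines, splits the User-Agent into exact product/version tokens so that near-misses such as XWEB/44330 do not match, and groups flagged requests by client IP. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Tokens the list above attributes to the vulnerable WeChat XWalk component.
XWEB = ("XWEB", "4433")
MMWEBID = ("MMWEBID", "2247")

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Whole product/version tokens only; the lookbehind rejects matches inside longer names.
TOKEN_RE = re.compile(r'(?<![\w-])([A-Za-z][\w-]*)/([\w.]+)')


def classify_ua(ua):
    """Return 'both', 'mmwebid-only' or None for a User-Agent string."""
    tokens = set(TOKEN_RE.findall(ua))
    if MMWEBID not in tokens:
        return None
    return "both" if XWEB in tokens else "mmwebid-only"


def scan(lines):
    """Group flagged requests by client IP: {ip: [(timestamp, request, level)]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        level = classify_ua(m["ua"])
        if level:
            hits[m["ip"]].append((m["ts"], m["req"], level))
    return dict(hits)


# Constructed sample lines (documentation IP ranges), not taken from any report.
SAMPLE = [
    '198.51.100.7 - - [06/Sep/2024:10:01:02 +0000] "GET /a HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (Linux; Android 13) Chrome/86.0.4240.99 XWEB/4433 MMWEBID/2247 MicroMessenger/8.0.42"',
    '203.0.113.9 - - [06/Sep/2024:10:02:10 +0000] "GET /b HTTP/1.1" 200 90 "-" '
    '"Mozilla/5.0 (Linux; Android 12) Chrome/86.0.4240.99 MMWEBID/2247"',
    '192.0.2.5 - - [06/Sep/2024:10:03:00 +0000] "GET /c HTTP/1.1" 200 77 "-" '
    '"Mozilla/5.0 (Linux; Android 12) XWEB/44330 MMWEBID/22470"',
    '192.0.2.6 - - [06/Sep/2024:10:04:00 +0000] "GET /d HTTP/1.1" 200 64 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) Chrome/114.0.5735.198 Safari/537.36"',
]
```

Calling `scan(SAMPLE)` returns entries for the first two clients only; the `both` level corresponds to the stricter two-token check in the list, `mmwebid-only` to the single-token hunt.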
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 8.8 HIGH
vendor_debian · 8.8 HIGH
vendor_msrc · 8.8 HIGH
Chrome
Stable Channel Update for Desktop: CVE-2023-3420
vendor_chrome·2023-06-26·CVSS 8.8
- CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07
- [$10000][1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22
- [$5000][1450397] High CVE-2023-3422: Use after free in Guest View
Severity: high
Microsoft
Chromium: CVE-2023-3420 Type Confusion in V8
vendor_msrc·2023-06-13·CVSS 8.8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 114.0.1823.67 | 6/29/2023 | 114.0.5735.198/199 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In yo
Debian
CVE-2023-3420: chromium - Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote a...
vendor_debian·2023·CVSS 8.8
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.198-1~deb12u1)
bullseye: resolved (fixed in 114.0.5735.198-1~deb11u1)
forky: resolved (fixed in 114.0.5735.198-1)
sid: resolved (fixed in 114.0.5735.198-1)
trixie: resolved (fixed in 114.0.5735.198-1)
GHSA
GHSA-4297-fx5c-x987: Type Confusion in V8 in Google Chrome prior to 114
ghsa_unreviewed·2023-06-26
CVE-2023-3420 [HIGH] CWE-843 GHSA-4297-fx5c-x987: Type Confusion in V8 in Google Chrome prior to 114
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
OSV
CVE-2023-3420: Type Confusion in V8 in Google Chrome prior to 114
osv·2023-06-26·CVSS 8.8
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Trendmicro
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
blogs_trendmicro·2024-12-05
Cyber Threats
## MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance.
By: Joseph C Chen, Daniel Lunghi · Dec 05, 2024
## Summary
Trend Micro researchers investigated a group named Earth Minotaur that used the MOONSHINE exploit kit in the wild. MOONSHINE, which has over 55 servers identified as of 2024, has been updated with more exploits and functions compared to its previous version reported in 2019.
MOONSHINE exploit kit targets vulnerabilities in instant messaging apps on Android devices, primari
Talos
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
blogs_talos·2024-09-06·CVSS 8.8
CVE-2023-3420 [HIGH] Vulnerability in Tencent WeChat custom browser could lead to remote code execution
## Vulnerability in Tencent WeChat custom browser could lead to remote code execution
- Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code.
- While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported to the vendor in April 2024.
- Cisco Talos researchers have confirmed that WeChat versions up to 8.0.42 (the latest version on the Google Play store for Android devices before June 14, 2024) were vulnerable to this issue. However, due to the dynamic WebView loading mechanism, Talos cannot confirm if it’s patched on all versions.
- Talos reported the vulnerability to Tencent WeChat on April 30, 2024, and continued our investigation
- https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
- https://crbug.com/1452137
- https://lists.fedoraproject.org/archives/list/[email protected]/message/KREKCQTJDVI2AEBG5ECZPSOQXIC2L5XL/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/UBAHED5YFJPRGSEKNZIYHZBGSVHGEHOH/
- https://security.gentoo.org/glsa/202401-34
- https://www.debian.org/security/2023/dsa-5440

Published: 2023-06-26