cbcvebase.
CVE-2023-3420
published 2023-06-26

CVE-2023-3420: Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page…

PriorityP267high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
56.19%
98.9th percentile
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected

11 ranges
VendorProductVersion rangeFixed in
chromiumchromium>= 0 < 114.0.5735.198-1~deb11u1114.0.5735.198-1~deb11u1
chromiumchromium>= 0 < 114.0.5735.198-1~deb12u1114.0.5735.198-1~deb12u1
chromiumchromium>= 0 < 114.0.5735.198-1114.0.5735.198-1
chromiumchromium>= 0 < 114.0.5735.198-1114.0.5735.198-1
debianchromium< chromium 114.0.5735.198-1~deb12u1 (bookworm)chromium 114.0.5735.198-1~deb12u1 (bookworm)
debiandebian_linux
debiandebian_linux
googlechrome< 114.0.5735.198114.0.5735.198
googlechrome>= 114.0.5735.198 < 114.0.5735.198114.0.5735.198
googlechrome_chrome
msrcmicrosoft_edge

Detection & IOCsextracted from sources · hover to see the quote

path/data/data/com.tencent.mm/app_xwalk_4433/extracted_xwalkcore/libxwebcore.so
path/data/data/com.tencent.mm/app_xwalk_4433/apk/base.apk
  • Detect exploitation attempts targeting WeChat's vulnerable XWalk browser by hunting for HTTP requests containing the MMWEBID/2247 token in the User-Agent string, which identifies the impacted custom browser component.
  • The exploit is triggered via a one-click URL in a WeChat message; monitor for WeChat process (com.tencent.mm) spawning unexpected child processes or loading remote JavaScript payloads via XWalk.
  • On Android devices, look for the presence of the vulnerable library at /data/data/com.tencent.mm/app_xwalk_4433/extracted_xwalkcore/libxwebcore.so, which contains an outdated V8 version (8.6.365.13) susceptible to CVE-2023-3420.
  • Flag User-Agent strings containing both XWEB/4433 and MMWEBID/2247 in web server or proxy logs as indicative of the vulnerable WeChat XWalk component making outbound requests.
  • ·The embedded V8 version in WeChat's XWalk (8.6.365.13, released Oct. 12, 2020) is far older than the V8 version (11.4.183.19) for which the CVE-2023-3420 PoC analysis was published, meaning the vulnerability surface may differ slightly from published exploit details.
  • ·App auto-update does not reliably deliver the patched XWalk component; manual verification of the XWalk version on the device is required to confirm remediation.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.