CVE-2023-4427
published 2023-08-23CVE-2023-4427: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML…
PriorityP259high8.1CVSS 3.1
AVNACLPRNUIRSUCHINAH
EPSS
33.98%
98.2th percentile
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 116.0.5845.110-1~deb11u1 | 116.0.5845.110-1~deb11u1 |
| chromium | chromium | >= 0 < 116.0.5845.110-1~deb12u1 | 116.0.5845.110-1~deb12u1 |
| chromium | chromium | >= 0 < 116.0.5845.110-1 | 116.0.5845.110-1 |
| chromium | chromium | >= 0 < 116.0.5845.110-1 | 116.0.5845.110-1 |
| debian | chromium | < chromium 116.0.5845.110-1~deb12u1 (bookworm) | chromium 116.0.5845.110-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| chrome | < 116.0.5845.110 | 116.0.5845.110 | |
| chrome | >= 116.0.5845.110 < 116.0.5845.110 | 116.0.5845.110 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is triggered via a crafted HTML page delivered remotely, targeting the V8 JavaScript engine's out-of-bounds memory read; monitor for exploitation attempts through browser telemetry on Chrome versions prior to 116.0.5845.110 ↗
- ·Google Chrome versions prior to 116.0.5845.110 are vulnerable; patch to 116.0.5845.110 or later to remediate ↗
- ·Debian packages are also affected; fixed in chromium 116.0.5845.110-1 across bookworm, bullseye, forky, sid, and trixie ↗
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
osv8.1HIGH
vendor_debian8.1HIGH
vendor_msrc8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-4427
vendor_chrome·2023-09-21·CVSS 8.1
CVE-2023-4427 [HIGH] Long Term Support Channel Update for ChromeOS: CVE-2023-4427
Long Term Support Channel Update for ChromeOS
CVE-2023-4427
Microsoft
Chromium: CVE-2023-4427: Out of bounds memory access in V8
vendor_msrc·2023-08-08·CVSS 8.1
CVE-2023-4427 [HIGH] Chromium: CVE-2023-4427: Out of bounds memory access in V8
Chromium: CVE-2023-4427: Out of bounds memory access in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
Debian
CVE-2023-4427: chromium - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allow...
vendor_debian·2023·CVSS 8.1
CVE-2023-4427 [HIGH] CVE-2023-4427: chromium - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allow...
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.110-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.110-1~deb11u1)
forky: resolved (fixed in 116.0.5845.110-1)
sid: resolved (fixed in 116.0.5845.110-1)
trixie: resolved (fixed in 116.0.5845.110-1)
GHSA
GHSA-qqwc-fhxf-4mf3: Out of bounds memory access in V8 in Google Chrome prior to 116
ghsa_unreviewed·2023-08-23
CVE-2023-4427 [HIGH] CWE-125 GHSA-qqwc-fhxf-4mf3: Out of bounds memory access in V8 in Google Chrome prior to 116
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
OSV
CVE-2023-4427: Out of bounds memory access in V8 in Google Chrome prior to 116
osv·2023-08-23·CVSS 8.1
CVE-2023-4427 [HIGH] CVE-2023-4427: Out of bounds memory access in V8 in Google Chrome prior to 116
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.htmlhttps://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.htmlhttps://crbug.com/1470668https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/https://security.gentoo.org/glsa/202401-34https://www.debian.org/security/2023/dsa-5483http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.htmlhttps://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.htmlhttps://crbug.com/1470668https://lists.fedoraproject.org/archives/list/[email protected]/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/https://lists.fedoraproject.org/archives/list/[email protected]/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/https://lists.fedoraproject.org/archives/list/[email protected]/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/https://security.gentoo.org/glsa/202401-34https://www.debian.org/security/2023/dsa-5483
2023-08-23
Published