⚠ Actively exploited
Added to CISA KEV on 2024-02-06. Federal agencies required to patch by 2024-02-27. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2023-4762Type Confusion in Google Chrome

CWE-843Type Confusion8 documents8 sources
Severity
8.8HIGHNVD
EPSS
64.6%
top 1.54%
CISA KEV
KEV
Added 2024-02-06
Due 2024-02-27
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Google ChromeChromiumMicrosoft Edge Chromium+2 more
Timeline
PublishedSep 5
KEV addedFeb 6
KEV dueFeb 27
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/chrome116.0.5845.179116.0.5845.179
NVDgoogle/chrome< 116.0.5845.179
NVDmicrosoft/edge_chromium< 116.0.1938.76
Debianchromium/chromium< 116.0.5845.180-1~deb11u1+3

Also affects: Debian Linux 11.0, 12.0, Fedora 37, 38, 39

Patches

Patch: msrc.microsoft.comPatch: msrc.microsoft.com

🔴Vulnerability Details

4
GHSA
GHSA-3wjr-p76q-rg8q: Type Confusion in V8 in Google Chrome prior to 1162023-09-06
CVEList
CVE-2023-4762: Type Confusion in V8 in Google Chrome prior to 1162023-09-05
OSV
CVE-2023-4762: Type Confusion in V8 in Google Chrome prior to 1162023-09-05
VulnCheck
Google Chromium V8 Type Confusion Vulnerability2023

📋Vendor Advisories

3
CISA
Google Chromium V8 Type Confusion Vulnerability2024-02-06
Microsoft
Chromium: CVE-2023-4762 Type Confusion in V82023-09-12
Debian
CVE-2023-4762: chromium - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote a...2023
CVE-2023-4762 — Type Confusion in Google Chrome | cvebase