CVE-2023-5346 — Type Confusion in Google Chrome

CWE-843 — Type Confusion12 documents9 sources

Severity

8.8HIGHNVD

EPSS

1.1%

top 21.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +3 more

Timeline

PublishedOct 5

Latest updateOct 10

Description

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5google/chrome117.0.5938.149 — 117.0.5938.149

▶NVDgoogle/chrome< 117.0.5938.149

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 117.0.5938.149-1~deb12u1 (bookworm)

▶Debianchromium/chromium< 117.0.5938.149-1~deb11u1+3

Also affects: Fedora 37, 38, 39

🔴Vulnerability Details

GHSA

GHSA-4vx7-4j56-j894: Type confusion in V8 in Google Chrome prior to 117↗2023-10-05

▶

OSV

CVE-2023-5346: Type confusion in V8 in Google Chrome prior to 117↗2023-10-05

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2023-5346 Type Confusion in V8↗2023-10-10

▶

Chrome

Stable Channel Update for Desktop: CVE-2023-5346↗2023-10-03

▶

Debian

CVE-2023-5346: chromium - Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote a...↗2023

▶

🕵️Threat Intelligence

Trendmicro

The October 2023 Security Update Review↗2023-10-10

▶

Bleepingcomputer

Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws↗2023-10-10

▶

Trendmicro

The October 2023 Security Update Review↗2023-10-10

▶

Trendmicro

The October 2023 Security Update Review↗2023-10-10

▶

Crowdstrike

October 2023 Patch Tuesday: Updates and Analysis↗

▶