CVE-2023-3079
high-risk
Published 2023-06-05
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Do I need to act?
~
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (9)
References (21)
Third Party Advisory
http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html
Third Party Advisory
http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox...
Exploit
https://crbug.com/1450481
Third Party Advisory
https://security.gentoo.org/glsa/202311-11
Third Party Advisory
https://security.gentoo.org/glsa/202401-34
Third Party Advisory
https://www.couchbase.com/alerts/
Mailing List
https://www.debian.org/security/2023/dsa-5420
Third Party Advisory
http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html
Third Party Advisory
http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox...
Exploit
https://crbug.com/1450481
Third Party Advisory
https://security.gentoo.org/glsa/202311-11
Third Party Advisory
https://security.gentoo.org/glsa/202401-34
Third Party Advisory
https://www.couchbase.com/alerts/
Mailing List
https://www.debian.org/security/2023/dsa-5420
and 1 more references
57
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
12/34 · Low
Exposure
15/34 · Moderate