Cyber Resilience

CVE-2023-2724

HighPublic PoC

Published: 16 May 2023

Published
16 May 2023
Modified
05 May 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.1042 93.4th percentile
Risk Priority 24 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-2724 is a high-severity Type Confusion (CWE-843) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 6.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-2724 is a type confusion vulnerability in the V8 JavaScript engine within Google Chrome versions prior to 113.0.5672.126. The flaw, assigned CWE-843, permits heap corruption when a victim visits a specially crafted HTML page and carries a CVSS 3.1 base score of 8.8 reflecting high impact on confidentiality, integrity, and availability.

A remote attacker can exploit the issue without authentication by serving the malicious page, which triggers the type confusion and subsequent memory corruption. Successful exploitation could allow arbitrary code execution or other damaging actions within the browser process.

Chrome stable-channel updates released on 16 May 2023 address the vulnerability by advancing the browser to version 113.0.5672.126 or later; corresponding Fedora package advisories likewise direct users to apply the patched Chrome builds.

EPSS scores for the CVE reached a peak of 0.1522 after disclosure before settling at the current value of 0.1042, indicating that exploitation interest increased measurably in the weeks following public release.

EU & UK References

Vulnerability details

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

google
chrome
≤ 113.0.5672.126
debian
debian linux
11.0
fedoraproject
fedora
37, 38

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References