CVE-2023-2724
Published: 16 May 2023
Summary
CVE-2023-2724 is a high-severity Type Confusion (CWE-843) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 6.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-2724 is a type confusion vulnerability in the V8 JavaScript engine within Google Chrome versions prior to 113.0.5672.126. The flaw, assigned CWE-843, permits heap corruption when a victim visits a specially crafted HTML page and carries a CVSS 3.1 base score of 8.8 reflecting high impact on confidentiality, integrity, and availability.
A remote attacker can exploit the issue without authentication by serving the malicious page, which triggers the type confusion and subsequent memory corruption. Successful exploitation could allow arbitrary code execution or other damaging actions within the browser process.
Chrome stable-channel updates released on 16 May 2023 address the vulnerability by advancing the browser to version 113.0.5672.126 or later; corresponding Fedora package advisories likewise direct users to apply the patched Chrome builds.
EPSS scores for the CVE reached a peak of 0.1522 after disclosure before settling at the current value of 0.1042, indicating that exploitation interest increased measurably in the weeks following public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-34188
Vulnerability details
Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.