CVE-2023-4427
Published: 23 August 2023
Summary
CVE-2023-4427 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Fedoraproject Fedora. Its CVSS base score is 8.1 (High).
Operationally, ranked in the top 0.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
The vulnerability is an out-of-bounds memory access flaw in the V8 JavaScript engine in Google Chrome versions prior to 116.0.5845.110. Tracked as CVE-2023-4427 and assigned CWE-125, the issue enables an out-of-bounds memory read and carries a CVSS 3.1 score of 8.1.
A remote attacker can exploit the flaw by serving a specially crafted HTML page to a victim. Successful exploitation allows the attacker to read memory outside expected bounds, resulting in high confidentiality and availability impact while requiring only user interaction and no additional privileges.
Chrome desktop stable update 116.0.5845.110 resolves the vulnerability. Fedora has published corresponding package advisories to deliver the fixed Chrome build to affected Linux systems.
The associated EPSS score reached 0.8360 at peak with no subsequent material rise from a lower baseline.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-54289
Vulnerability details
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.