Cyber Resilience

CVE-2023-4762

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 05 September 2023

Modified: 24 October 2025
KEV Added: 06 February 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.5580 (98.1th percentile)
Risk Priority: 71 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-4762 is a high-severity Type Confusion (CWE-843) vulnerability in the V8 JavaScript engine of Google Chrome; affected downstream products include Fedoraproject Fedora. Its CVSS base score is 8.8 (High).

Operationally, it is ranked in the top 1.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

Type Confusion in the V8 JavaScript engine affected Google Chrome versions prior to 116.0.5845.179. The flaw, assigned CWE-843, carried a CVSS 3.1 score of 8.8 reflecting network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.

A remote attacker could exploit the issue by serving a specially crafted HTML page; successful exploitation would allow arbitrary code execution in the context of the browser process after the victim visits the page.

The referenced Chrome stable-channel update and subsequent Fedora package advisories direct users to upgrade to version 116.0.5845.179 or later to eliminate the vulnerability.

The EPSS probability rose from a low post-disclosure baseline to a peak of 0.8264 on 2024-09-11 before receding to the current value of 0.5580, indicating that exploitation interest emerged more than a year after the initial publication.

Vulnerability details

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CWE(s): CWE-843
KEV Date Added: 06 February 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
google · chrome · ≤ 116.0.5845.179
debian · debian linux · 11.0, 12.0
fedoraproject · fedora · 37, 38, 39
microsoft · edge chromium · ≤ 116.0.1938.76

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires applying the vendor-supplied patch that eliminates the type-confusion flaw in V8 before arbitrary code execution can occur.

Prevent: Enforces configuration settings such as mandatory auto-update policies or approved browser versions that block use of the vulnerable Chrome build.

Detect: Requires continuous vulnerability scanning to identify systems running Chrome versions prior to 116.0.5845.179 that remain susceptible to the crafted HTML exploit.
