Heap Corruption Vulnerability in Google Chrome Prior to 114.0.5735.110
CVE-2023-3079

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 5 June 2023

Badges

👾 Exploit Exists🟡 Public PoC🦅 CISA Reported📰 News Worthy

Summary

The CVE-2023-3079 vulnerability in Google Chrome is a high-severity heap corruption vulnerability that allowed a remote attacker to exploit heap corruption via a crafted HTML page. Google released an emergency patch within a day to address the issue, which was actively exploited in the wild. The vulnerability, found by Clément Lecigne of Google’s Threat Analysis Group (TAG), was identified in the V8 JavaScript engine. Users are advised to update their Chrome browser to the latest version to mitigate the risk, and other Chromium-based browsers will also require patching. Google has observed attempts to exploit the vulnerability and has not provided details on the attacks. This is the eighth Chrome zero-day vulnerability patched by Google in 2023, and experts emphasize the need to promptly update and patch vulnerable systems to prevent compromise by attackers.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Chrome 114.0.5735.110

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-3079
Created by mistymntncop