Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2023-3079

Published: 05/06/2023 Updated: 31/01/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Chrome

Vulnerability Summary

Type confusion in V8 in Google Chrome before 114.0.5735.110 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

fedoraproject fedora 38

debian debian linux 11.0

debian debian linux 12.0

Vendor Advisories

Debian Security Advisories: DSA-5420-1 chromium -- security update
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure For the stable distribution (bullseye), this problem has been fixed in version 11405735106-1~deb11u1 For the upcoming stable distribution (bookworm), these problems have been fixed in version ...
Google Chrome: Stable Channel Update for Desktop
The Stable and extended stable channels has been updated to 11405735106 for Mac and Linux and 11405735110 for Windows, which will roll out over the coming days/weeks A full list of changes in this build is available in the logSecurity Fixes and RewardsNote: Access to bug details and links may be kept restricted until a m ...
Google Chrome: Long Term Support Channel Update for ChromeOS
LTS-108 is being updated in the LTS channel to 10805359235 (Platform Version: 15183980) for most ChromeOS devices Want to know more about Long Term Support? Click hereThis update contains multiple Security fixes, including:1450481 High  CVE-2023-3079 Type Confusion in V81440695 High CVE-2023- ...

Github Repositories

https://github.com/vu-ls/Zenbleed-Chrome-PoC

Exploiting Zenbleed from Chrome This repository contains a proof-of-concept for exploiting Zenbleed from Chrome using a V8 vulnerability which enbles arbitrary code execution in the renderer process The target Chrome version is 1140573590 on Linux The vulnerability exploited in CVE-2023-3079 The proof-of-concept largely builds on the efforts of @mistymntncop and @taviso

https://github.com/mistymntncop/CVE-2023-3079

Exploit for CVE-2023-3079 Shoutout to @_clem1 for finding the ITW exploit Shoutout to @alisaesage for her prior RCA on the bug Shoutout to @buptsb for his notes on the bug

https://github.com/kestryix/tisc-2023-writeups

TISC 2023 Write Up Level 1 - Disk Archaeology In this challenge, we were provided with challengeimg, which contained ext4 filesystem data As this is a forensics challenge, I started off by opening the image file in Autopsy Once everything has loaded, we were able to see that there is a file of interest, an ELF binary,under the 'Deleted Files' category In order to

https://github.com/Uniguri/CVE-1day

CVE-1day My 1-day studies CVE list CVE-2018-17463 (Chrome/V8) CVE-2023-3079 (Chrome/V8) CVE-2023-4762 (Chrome/V8) CVE-2024-0517 (Chrome/V8)

Recent Articles

IT threat evolution in Q2 2023. Non-mobile statistics
Securelist • AMR • 30 Aug 2023

IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2023: Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...

Read more...

References

CWE-843https://crbug.com/1450481https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.htmlhttps://www.debian.org/security/2023/dsa-5420https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/https://www.couchbase.com/alerts/https://security.gentoo.org/glsa/202311-11http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.htmlhttp://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.htmlhttps://security.gentoo.org/glsa/202401-34https://nvd.nist.govhttps://www.debian.org/security/2023/dsa-5420
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook