
Exploitation of Google Chromium Vulnerability CVE-2023-4762

Exploitation of this vulnerability, which affects multiple products, could lead to arbitrary code execution


Summary

Exploitation of this vulnerability, which affects multiple products, could lead to arbitrary code execution


The following platforms are also known to be affected:

  • Fedora
  • Gentoo
  • Debian

Threat details

Introduction

Chromium V8 is an open-source JavaScript and WebAssembly engine developed for Chromium and Google Chrome web browsers. The vulnerability CVE-2023-4762 was reported in September 2023 and concerns Type Confusion in V8 in versions of Chromium prior to 116.0.5845.179.

Microsoft Edge (Chromium-based), which ingests Chromium, is also affected.

A remote attacker could exploit this vulnerability to execute arbitrary code via a crafted HTML page. Exploitation of this vulnerability has been reported.

Exploitation of CVE-2023-4762

In February 2024, CVE-2023-4762 was added to the US Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities Catalog based on evidence of exploitation in the wild.


Remediation advice

Affected organisations are encouraged to review the Chrome release from September 2023. To remediate against this vulnerability, affected devices should be updated to at least 116.0.5845.179.

To fully remediate against this and other more recent vulnerabilities disclosed for Google Chrome, please visit the current Stable Channel Update for Desktop.

For Microsoft Edge products, please review Chromium: CVE-2023-4762 Type Confusion in V8 for details. 
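To check an asset inventory against the fixed build named above, the following added example (not part of the original advisory) compares versions numerically and flags entries older than 116.0.5845.179. The inventory rows, host names and function names are constructed for illustration. Edge entries are routed to the vendor advisory because Edge uses its own build numbers, which this alert does not list.

```python
# Added example: flag inventory entries older than the fixed Chromium build.
import re

FIXED = (116, 0, 5845, 179)  # fixed version stated in this advisory
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def classify(product, version):
    """Return 'vulnerable', 'patched', 'check-vendor' or 'unparsed'."""
    if product.strip().lower() not in ("chrome", "chromium"):
        # Edge and other embedders number their builds differently, so the
        # Chromium threshold cannot be applied to their version strings.
        return "check-vendor"
    parsed = parse_version(version)
    if parsed is None:
        return "unparsed"  # e.g. distro-suffixed or missing versions: review by hand
    # Tuple comparison is numeric per component. Comparing the raw strings
    # would wrongly rank "99.x" above "116.x".
    return "vulnerable" if parsed < FIXED else "patched"


# Constructed sample inventory: (hostname, product, version)
SAMPLE_INVENTORY = [
    ("ws-001", "Chrome", "116.0.5845.140"),
    ("ws-002", "Chrome", "116.0.5845.179"),
    ("ws-003", "Chromium", "99.0.4844.84"),
    ("ws-004", "Chrome", "121.0.6167.160"),
    ("ws-005", "Edge", "116.0.1938.69"),
    ("ws-006", "Chrome", "unknown"),
]


def audit(inventory):
    """Map each hostname to its classification."""
    return {host: classify(product, version) for host, product, version in inventory}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```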



Last edited: 8 February 2024 3:24 pm