Google Chromium V8 Engine Type Confusion Vulnerability - 20230418002

Overview

The WA SOC has observed Google Chromium V8 which contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time. Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

What is the vulnerability?

CVE-2023-2033 - NVD score not yet provided.

What is vulnerable?

The vulnerability affects the following products:

• Google Chromium V8 Engine

What has been observed?

CISA has listed this vulnerabilty in their Known Exploited Vulnerabilities Catalog

Recommendation

The WA SOC encourages users and administrators to review the Google Chromium V8 Engine Type Confusion Vulnerability Advisories page for more information and apply the necessary updates.

Additional References

• https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
• https://crbug.com/1432210
• https://www.debian.org/security/2023/dsa-5390