CVE-2023-2033

HIGH KEV

Google Chrome < 112.0.5615.121 - Type Confusion

Title source: rule

Description

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (6)

nomisec WORKING POC 66 stars

by mistymntncop · client-side

https://github.com/mistymntncop/CVE-2023-2033

View Code ZIP pw:eip

nomisec WORKING POC 19 stars

by sandumjacob · poc

https://github.com/sandumjacob/CVE-2023-2033-Analysis

View Code ZIP pw:eip

nomisec STUB 4 stars

by insoxin · poc

https://github.com/insoxin/CVE-2023-2033

View Code ZIP pw:eip

nomisec STUB

by tianstcht · poc

https://github.com/tianstcht/CVE-2023-2033

View Code ZIP pw:eip

nomisec NO CODE

by gretchenfrage · poc

https://github.com/gretchenfrage/CVE-2023-2033-analysis

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

client-side

https://github.com/rycbar77/V8Exploits

View Code ZIP pw:eip

References (12)

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html

[Permissions Required] https://crbug.com/1432210

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/

[Mailing List] https://lists.fedoraproject.org/archives/list/[email protected]/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/

[Third Party Advisory] https://security.gentoo.org/glsa/202309-17

[Third Party Advisory] https://www.couchbase.com/alerts/

[Third Party Advisory] https://www.debian.org/security/2023/dsa-5390

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2033

Scores

CVSS v3 8.8

EPSS 0.2518

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-04-17

VulnCheck KEV 2023-04-11

InTheWild.io 2023-04-11

ENISA EUVD EUVD-2023-33560

CWE

CWE-843

Status published

Products (7)

couchbase/couchbase_server 7.2.0

couchbase/couchbase_server < 7.1.5

debian/debian_linux 11.0

fedoraproject/fedora 36

fedoraproject/fedora 37

fedoraproject/fedora 38

google/chrome < 112.0.5615.121

Published Apr 14, 2023

KEV Added Apr 17, 2023

Tracked Since Feb 18, 2026