CVE-2023-3079

HIGH KEV

Google Chrome <114.0.5735.110 - Heap Corruption

Title source: llm

Exploitation Summary

CVE-2023-3079 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 7, 2023. EIP tracks 1 public exploit from researchers including mistymntncop.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2023-3079, a V8 engine vulnerability in Chromium. The exploit leverages a bug in the handling of the arguments object to achieve arbitrary memory read/write primitives, leading to remote code execution.

Description

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (1)

nomisec WORKING POC 130 stars

by mistymntncop · client-side

https://github.com/mistymntncop/CVE-2023-3079

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2023-3079, a V8 engine vulnerability in Chromium. The exploit leverages a bug in the handling of the arguments object to achieve arbitrary memory read/write primitives, leading to remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Chromium V8 engine (versions prior to 115.0.5790.90)

No auth needed

Prerequisites: Vulnerable version of Chromium/V8 engine · Ability to execute JavaScript in the target environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/176211/Chrome-V8-Type-Confusion.html

Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/176212/Chrome-V8-Type-Confusion-New-Sandbox-Escape.html

Vendor Advisory

https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html

Exploit, Issue Tracking

https://crbug.com/1450481

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/DYTXO5E3FI3I2ETDP3HF4SHYYTFMKMIC/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/U4OXTNIZY4JYHJT7CVLPAJQILI6BISVM/

Third Party Advisory

https://security.gentoo.org/glsa/202311-11

Third Party Advisory

https://security.gentoo.org/glsa/202401-34

Third Party Advisory

https://www.couchbase.com/alerts/

Mailing List, Third Party Advisory

https://www.debian.org/security/2023/dsa-5420

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-3079

Scores

CVSS v3 8.8

EPSS 0.3166

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2023-06-07

VulnCheck KEV 2023-06-01

InTheWild.io 2023-06-01

ENISA EUVD EUVD-2023-43770

CWE

CWE-843

Status published

Products (9)

apple/macos

couchbase/couchbase_server 7.2.0

couchbase/couchbase_server < 7.1.5

debian/debian_linux 11.0

debian/debian_linux 12.0

fedoraproject/fedora 37

fedoraproject/fedora 38

google/chrome < 114.0.5735.110

linux/linux_kernel

Published Jun 05, 2023

KEV Added Jun 07, 2023

Tracked Since Feb 18, 2026