CVE-2023-4427

HIGH

Google Chrome < 116.0.5845.110 - Out-of-bounds Read in V8

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4427. PoCs published by tianstcht.

AI-analyzed exploit summary The repository provides a technical summary of CVE-2023-4427, referencing a Project Zero report and discussing ASLR bypass techniques using iframes and brute-forcing. It mentions the exploit for V8 is lost but provides context for understanding the vulnerability.

Description

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Exploits (1)

nomisec WRITEUP 27 stars
by tianstcht · poc
https://github.com/tianstcht/CVE-2023-4427

The repository provides a technical summary of CVE-2023-4427, referencing a Project Zero report and discussing ASLR bypass techniques using iframes and brute-forcing. It mentions the exploit for V8 is lost but provides context for understanding the vulnerability.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: Chrome 117.0.5938.62 (Linux)
No auth needed
Prerequisites: Chrome 117.0.5938.62 on Linux · ASLR bypass setup (e.g., iframes, brute-forcing) · Understanding of V8 exploit development
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Permissions Required
https://crbug.com/1470668

Scores

CVSS v3 8.1
EPSS 0.3398
EPSS Percentile 98.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (4)
fedoraproject/fedora 37
fedoraproject/fedora 38
fedoraproject/fedora 39
google/chrome < 116.0.5845.110
Published Aug 23, 2023
Tracked Since Feb 18, 2026