CVE-2023-6702

HIGH

Google Chrome < 120.0.6099.109 - Remote Code Execution via V8 Type Confusion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6702. PoCs published by kaist-hacking.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-6702, a type confusion vulnerability in Chrome's V8 engine. The exploit leverages insufficient type checks in async stack trace handling to achieve remote code execution in the Chrome renderer process.

Description

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (1)

nomisec WORKING POC 87 stars
by kaist-hacking · poc
https://github.com/kaist-hacking/CVE-2023-6702

This repository contains a functional exploit for CVE-2023-6702, a type confusion vulnerability in Chrome's V8 engine. The exploit leverages insufficient type checks in async stack trace handling to achieve remote code execution in the Chrome renderer process.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Google Chrome pre-120.0.6099.109
No auth needed
Prerequisites: Victim must visit a malicious webpage · Chrome version < 120.0.6099.109
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 8.8
EPSS 0.1071
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (3)
fedoraproject/fedora 38
google/chrome < 120.0.6099.109
microsoft/edge_chromium < 120.0.2210.77
Published Dec 14, 2023
Tracked Since Feb 18, 2026