PT-2023-7689 · Google+4 · V8 Javascript Engine+5
Zhiyi Zhang · Published 2023-11-14 · Updated 2025-09-29
CVE-2023-6702
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 120.0.6099.109
Description
The issue is related to a type confusion in the V8 JavaScript engine, which can be exploited by a remote attacker using a specially crafted HTML page, potentially leading to heap corruption or arbitrary code execution. The estimated severity of this issue is high. It has been reported that Google paid out $50,000 in bug bounties related to this and other vulnerabilities.
Recommendations
For Google Chrome versions prior to 120.0.6099.109, update to version 120.0.6099.109 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied. Avoid using the Promise.any function in sensitive contexts until the issue is resolved.
Exploit
Fix
Type Confusion
Incorrect Type Conversion or Cast
Related identifiers
Affected products
Alt Linux
Astra Linux
Google Chrome
Red Os
Suse
V8 Javascript Engine