PT-2023-7689 · Google+4 · V8 Javascript Engine+5

Zhiyi Zhang

Published

2023-11-14

Updated

2025-09-29

CVE-2023-6702

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 120.0.6099.109

Description The issue is related to a type confusion in the V8 JavaScript engine, which can be exploited by a remote attacker using a specially crafted HTML page, potentially leading to heap corruption or arbitrary code execution. The estimated severity of this issue is high. It has been reported that Google paid out $50,000 in bug bounties related to this and other vulnerabilities.

Recommendations For Google Chrome versions prior to 120.0.6099.109, update to version 120.0.6099.109 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied. Avoid using the Promise.any function in sensitive contexts until the issue is resolved.

Exploit

Fix

Type Confusion

Incorrect Type Conversion or Cast

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843CWE-704

Related Identifiers

ALSA-2025_16880

ALT-PU-2023-8110

ALT-PU-2023-8370

ALT-PU-2024-10294

ALT-PU-2024-14286

ALT-PU-2024-14830

BDU:2023-08756

CVE-2023-6702

DSA-5577-1

MGASA-2023-0355

OPENSUSE-SU-2024:0001-1

OPENSUSE-SU-2024:0002-1

OPENSUSE-SU-2024:0020-1

OPENSUSE-SU-2024:13560-1

OPENSUSE-SU-2024:13583-1

OPENSUSE-SU-2024:13585-1

OPENSUSE-SU-2024:14001-1

OPENSUSE-SU-2024_0001-1

OPENSUSE-SU-2024_0002-1

Affected Products

Alt Linux

Astra Linux

Google Chrome

Red Os

Suse

V8 Javascript Engine

PT-2023-7689 · Google+4 · V8 Javascript Engine+5

CVE-2023-6702

Weakness Enumeration

Related Identifiers

Affected Products

References · 71