CVE-2022-3723

CVSS 8.8 HIGHEPSS 6.8%● KEVCWE-843

In short

A flaw in Chrome's V8 engine allowed attackers to confuse data types when processing a malicious webpage, potentially corrupting memory and executing harmful code.

Technical detail

Type confusion vulnerability in V8 engine (CWE-843) enabling heap corruption through crafted HTML. Remote attack vector requiring user interaction to visit malicious page; impacts confidentiality, integrity, and availability of the browser process.

Summary generated and translated by AI from the official description.

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html https://crbug.com/1378239 https://security.gentoo.org/glsa/202305-10 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3723