What is CVE-2023-3420?

CVE-2023-3420 is a vulnerability in Google Chrome. Published 2023-06-26.

Is CVE-2023-3420 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Chrome

CVE-2023-3420

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS: 0.621 (99.1th percentile) — read the EPSS interpretation.

Affected products

Google Chrome — versions 114.0.5735.198

Public proof-of-concept exploits

gmh5225/vulnjs
paulsery/CVE_
wh1ant/vulnjs

References

chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
crbug.com/1452137
www.debian.org/security/2023/dsa-5440
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
security.gentoo.org/glsa/202401-34

Frequently asked questions

What is CVE-2023-3420?: CVE-2023-3420 is a vulnerability in Google Chrome. Published 2023-06-26.
Is CVE-2023-3420 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.