What is CVE-2023-4427?

CVE-2023-4427 is a vulnerability in Google Chrome. Published 2023-08-22.

Is CVE-2023-4427 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Chrome

CVE-2023-4427

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

EPSS: 0.836 (99.3th percentile) — read the EPSS interpretation.

Affected products

Google Chrome — versions 116.0.5845.110

Public proof-of-concept exploits

tianstcht/CVE-2023-4427
ARPSyndicate/cve-scores
fkie-cad/nvd-json-data-feeds
gmh5225/vulnjs
nomi-sec/PoC-in-GitHub
rycbar77/V8Exploits
rycbar77/rycbar77
sploitem/v8-writeups
sploitem/v8pwn
wh1ant/vulnjs

References

chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html
crbug.com/1470668
www.debian.org/security/2023/dsa-5483
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedK…
security.gentoo.org/glsa/202401-34

Frequently asked questions

What is CVE-2023-4427?: CVE-2023-4427 is a vulnerability in Google Chrome. Published 2023-08-22.
Is CVE-2023-4427 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.