What is CVE-2023-6702?

CVE-2023-6702 is a vulnerability in Google Chrome. Published 2023-12-14.

Is CVE-2023-6702 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Chrome

CVE-2023-6702

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS: 0.585 (98.2th percentile) — read the EPSS interpretation.

Affected products

Google Chrome — versions 120.0.6099.109

Public proof-of-concept exploits

kaist-hacking/CVE-2023-6702
nomi-sec/PoC-in-GitHub

References

chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_12.html
crbug.com/1501326
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
security.gentoo.org/glsa/202401-34

Frequently asked questions

What is CVE-2023-6702?: CVE-2023-6702 is a vulnerability in Google Chrome. Published 2023-12-14.
Is CVE-2023-6702 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.