CVE-2023-4762 - Google Chromium V8 Type Confusion Vulnerability

Google | Chromium V8

• Date Added:
• 2024-02-06

• Due Date:
• 2024-02-27

Vulnerability Name

Google Chromium V8 Type Confusion Vulnerability

Description

Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2023-4762

Top Security News

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

Microsoft fixes exploited zero-day (CVE-2024-49138)

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Windows Server 2025 released—here are the new features

Garmin GPS watches crashing, stuck in triangle 'reboot loop'

Windows 11 KB5050094 update fixes bugs causing audio issues

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability

CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

CWE-201 Insertion of Sensitive Information Into Sent Data

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1426 Improper Validation of Generative AI Output

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-284 Improper Access Control

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor