{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-035.pdf"
    },
    "title": "Type Confusion Flaw in Google Chrome",
    "serial_number": "2023-035",
    "publish_date": "06-06-2023 15:42:20",
    "description": "Google has released a security update to address a zero-day vulnerability in its Chrome web browser, identified as \"CVE-2023-3079\". The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Google is aware that an exploit for this vulnerability exists in the wild.\nUsers of Google Chrome are strongly advised to update to the latest version to mitigate potential threats.",
    "url_title": "2023-035",
    "content_markdown": "--- \ntitle: 'Type Confusion Flaw in\u00a0Google\u00a0Chrome' \nversion: '1.0'\nnumber: '2023-035'\noriginal_date: 'June 5, 2023'\ndate: 'June 6, 2023'\n---\n\n_History:_\n\n* _06/06/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nGoogle has released a security update to address a _zero-day_ vulnerability in its Chrome web browser, identified as `CVE-2023-3079`. The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Google is aware that **an exploit for this vulnerability exists in the wild**.\n\nUsers of Google Chrome are strongly advised to update to the latest version to mitigate potential threats.\n\n# Technical Details\n\n`CVE-2023-3079` is a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome and other Chromium-based web browsers. Type confusion issues can lead to a crash of the application, or code execution when a user visits a specially crafted and malicious HTML page.\n\nAlthough Google acknowledged the existence of an exploit for `CVE-2023-3079` in the wild, the company has not provided further technical details or indicators of compromise (IoCs) to prevent additional exploitation by threat actors.\n\n# Affected Products\n\nThe following products are affected by `CVE-2023-3079`:\n\n- Google Chrome prior to version `114.0.5735.110` for Windows, and prior to version `114.0.5735.106` for Linux and Mac.\n\n# Recommendations\n\nTo mitigate the risks associated with `CVE-2023-3079`, users are advised to:\n\n- Update Google Chrome to the latest version.\n\n# References\n\n[1] <https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html>",
    "content_html": "<p><em>History:</em></p><ul><li><em>06/06/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Google has released a security update to address a <em>zero-day</em> vulnerability in its Chrome web browser, identified as <code>CVE-2023-3079</code>. The high-severity flaw is a type confusion issue within the V8 JavaScript engine. Google is aware that <strong>an exploit for this vulnerability exists in the wild</strong>.</p><p>Users of Google Chrome are strongly advised to update to the latest version to mitigate potential threats.</p><h2 id=\"technical-details\">Technical Details</h2><p><code>CVE-2023-3079</code> is a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome and other Chromium-based web browsers. Type confusion issues can lead to a crash of the application, or code execution when a user visits a specially crafted and malicious HTML page.</p><p>Although Google acknowledged the existence of an exploit for <code>CVE-2023-3079</code> in the wild, the company has not provided further technical details or indicators of compromise (IoCs) to prevent additional exploitation by threat actors.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following products are affected by <code>CVE-2023-3079</code>:</p><ul><li>Google Chrome prior to version <code>114.0.5735.110</code> for Windows, and prior to version <code>114.0.5735.106</code> for Linux and Mac.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>To mitigate the risks associated with <code>CVE-2023-3079</code>, users are advised to:</p><ul><li>Update Google Chrome to the latest version.</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html\">https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}