Login Sign Up

CVE-2023-0701

8.8 HIGH

📋 TL;DR

This vulnerability is a heap buffer overflow in Chrome's WebUI that allows remote attackers to potentially exploit heap corruption by convincing users to perform specific UI interactions. It affects all users running Google Chrome versions prior to 110.0.5481.77. Successful exploitation could lead to arbitrary code execution.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 110.0.5481.77
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations are vulnerable. Other Chromium-based browsers may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Chrome process, potentially leading to full system compromise if combined with privilege escalation.

🟠

Likely Case

Browser crash (denial of service) or limited information disclosure from memory corruption.

🟢

If Mitigated

No impact if Chrome is fully patched or if users avoid suspicious UI interactions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction with specific UI elements, making it less reliable than fully remote exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 110.0.5481.77 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' to restart Chrome

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents exploitation by disabling JavaScript execution in Chrome

chrome://settings/content/javascript → Block

🧯 If You Can't Patch

  • Restrict user access to untrusted websites
  • Use application allowlisting to prevent unauthorized Chrome execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: If version is less than 110.0.5481.77, system is vulnerable.

Check Version:

chrome://version/

Verify Fix Applied:

Confirm Chrome version is 110.0.5481.77 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected Chrome process termination
  • Memory access violation errors

Network Indicators:

  • Unusual outbound connections from Chrome process

SIEM Query:

source="chrome" AND (event_type="crash" OR message="*buffer overflow*" OR message="*heap corruption*")

📊 Metadata

CVE ID: CVE-2023-0701
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: February 7, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-0701, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)