Login Sign Up

CVE-2023-0703

8.8 HIGH

📋 TL;DR

This vulnerability involves type confusion in Chrome DevTools that could allow heap corruption through specific UI interactions. Attackers could potentially exploit this by tricking users into performing certain actions in DevTools. All Chrome users prior to version 110.0.5481.77 are affected.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 110.0.5481.77
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction with DevTools UI; not exploitable through normal web browsing alone.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or malware installation.

🟠

Likely Case

Browser crash or instability, with potential for limited data exposure or sandbox escape.

🟢

If Mitigated

Minimal impact if Chrome sandboxing works as intended, potentially just a browser crash.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires social engineering to convince user to perform specific DevTools interactions; not a drive-by exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 110.0.5481.77 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome settings 2. Click 'About Chrome' 3. Allow Chrome to update automatically 4. Restart Chrome when prompted

🔧 Temporary Workarounds

Disable DevTools

all

Prevent access to Chrome DevTools to eliminate attack surface

chrome://flags/#enable-devtools-experiments
Set to Disabled

Restrict DevTools Access

windows

Use group policies to limit who can access DevTools

🧯 If You Can't Patch

  • Implement application allowlisting to prevent unauthorized Chrome usage
  • Use network segmentation to isolate Chrome instances from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in settings; if below 110.0.5481.77, system is vulnerable

Check Version:

chrome://version/

Verify Fix Applied:

Confirm Chrome version is 110.0.5481.77 or higher

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected DevTools usage patterns
  • Memory access violations in system logs

Network Indicators:

  • Unusual outbound connections following Chrome crashes

SIEM Query:

source="chrome_crash_reports" AND version<"110.0.5481.77"

📊 Metadata

CVE ID: CVE-2023-0703
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-843
Published: February 7, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-0703, you might also want to check these:

CVE-2025-47151 9.8

A type confusion vulnerability in Entr'ouvert Lasso's SAML parsing allows remote code execution when...

Same vulnerability type (CWE-843)
CVE-2025-65570 9.8

A type confusion vulnerability in jsish 2.0 allows incorrect control flow during execution of the OP...

Same vulnerability type (CWE-843)
CVE-2020-25575 9.8

This vulnerability in the Rust failure crate (versions through 0.1.5) involves a type confusion flaw...

Same vulnerability type (CWE-843)