Login Sign Up

CVE-2023-1227

8.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Google Chrome's Core component on Lacros that allows heap corruption through crafted UI interactions. Attackers can potentially execute arbitrary code or cause crashes by tricking users into specific UI actions. Affects Chrome users on Lacros systems before version 111.0.5563.64.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: Prior to 111.0.5563.64
Operating Systems: ChromeOS with Lacros, Linux with Lacros
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Lacros (Linux And Chrome OS) architecture where browser and OS are separated

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or persistent malware installation

🟠

Likely Case

Browser crash, denial of service, or limited memory corruption leading to instability

🟢

If Mitigated

No impact if patched or if user avoids malicious UI interactions

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction with crafted UI elements; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 111.0.5563.64 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome
2. Click menu (three dots) → Help → About Google Chrome
3. Chrome will automatically check for and install updates
4. Click 'Relaunch' to restart Chrome with the update

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents malicious UI interactions that could trigger the vulnerability

chrome://settings/content/javascript → Block

Use Chrome Sandbox

all

Ensure Chrome sandbox is enabled to limit impact if exploited

Check chrome://sandbox/ for sandbox status

🧯 If You Can't Patch

  • Restrict user access to untrusted websites
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in settings; if below 111.0.5563.64, you are vulnerable

Check Version:

google-chrome --version (Linux) or check chrome://settings/help

Verify Fix Applied:

Confirm Chrome version is 111.0.5563.64 or higher

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected process termination
  • Memory access violation logs

Network Indicators:

  • Unusual outbound connections after UI interaction
  • Traffic to known malicious domains

SIEM Query:

source="chrome" AND (event_type="crash" OR error="access_violation")

📊 Metadata

CVE ID: CVE-2023-1227
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: March 7, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-1227, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)