CVE-2023-3079

8.8 HIGH

📋 TL;DR

This vulnerability is a type confusion flaw in V8, the JavaScript engine inside Google Chrome. A malicious web page can make V8 treat an object as a different type than it really is, corrupting the heap of the renderer process and letting the attacker run arbitrary code there. On its own this gives code execution only inside Chrome's sandboxed renderer; full system compromise requires chaining it with a separate sandbox-escape bug. Google stated that an exploit existed in the wild when the fix shipped, so anyone running an affected version is at risk simply by visiting (or being redirected to) an untrusted site.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 114.0.5735.110 (the 114.0.5735.110 stable release for Windows, macOS and Linux carries the fix; Chrome for Android ships V8 and receives the fix in its own 114 update)
Operating Systems: Windows, macOS, Linux, Android. Chrome for iOS is built on Apple's WebKit rather than V8 and does not contain the vulnerable code.
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Chrome installations are vulnerable. Embedded Chromium instances may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...



⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution in the renderer, chained with a separate sandbox-escape bug, leading to full remote code execution, complete system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Renderer-process compromise through a drive-by page, exposing what that renderer holds for the attacker's chosen site (cookies, session tokens, page content and form data) and, where site isolation is off, data from other sites; malware installation on the host needs a further sandbox escape.

🟢

If Mitigated

Limited impact due to Chrome's sandbox: the compromise is confined to a single renderer process with no system-level access unless a second bug escapes the sandbox.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: ⚠️ Yes (Google reported in-the-wild exploitation at the time of the fix; CISA subsequently added the CVE to its Known Exploited Vulnerabilities catalog)
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept code is publicly available, and Google reported that an exploit was already in use in the wild when the fix shipped. Exploitation requires user interaction (loading a malicious page, whether by direct visit, redirect, or an embedded iframe or ad) but no authentication: the type confusion is triggered entirely by JavaScript served from that page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 114.0.5735.110 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open the Chrome menu > Help > About Google Chrome.
2. Chrome checks for the update and installs it automatically.
3. Click 'Relaunch' when prompted. The new version is not active until every Chrome window has been closed and reopened; a pending update still leaves the old, vulnerable build running.

🔧 Temporary Workarounds

Disable JavaScript (all platforms)

Temporarily block JavaScript execution in Chrome. The bug is only reachable through JavaScript, so this closes the attack path completely, but it breaks most modern sites; pair it with an allowlist of trusted origins.

chrome://settings/content/javascript > Block (add trusted sites under "Allowed to use JavaScript")

Use Site Isolation (all platforms)

Site isolation does not stop the renderer from being compromised; it keeps each site in its own renderer process so a compromised one cannot read other sites' data. It is on by default on desktop Chrome, so the step here is to confirm nobody has switched it off. chrome://process-internals reports the current Site Isolation mode.

chrome://flags/#site-isolation-trial-opt-out > Disabled (or chrome://flags/#enable-site-per-process > Enabled)
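Both workarounds can be enforced fleet-wide through Chrome's enterprise policy instead of per-user settings. The managed-policy file below is an added example and not part of the advisory: DefaultJavaScriptSetting, JavaScriptAllowedForUrls and SitePerProcess are Chrome's documented policy names, /etc/opt/chrome/policies/managed/ is the Linux managed-policy directory (Windows uses the registry and macOS a configuration profile), and the two allowlisted patterns are placeholders to replace with your own trusted origins.

```json
{
  "DefaultJavaScriptSetting": 2,
  "JavaScriptAllowedForUrls": [
    "https://intranet.example.com",
    "[*.]example.com"
  ],
  "SitePerProcess": true
}
```

Save it as, for example, /etc/opt/chrome/policies/managed/cve-2023-3079.json. A value of 2 for DefaultJavaScriptSetting blocks JavaScript everywhere except the listed patterns, and SitePerProcess pins strict site isolation on so users cannot opt out through chrome://flags. chrome://policy on a managed machine shows whether the file was picked up, and the entry can be deleted once every host reports 114.0.5735.110 or later.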

🧯 If You Can't Patch

  • Use alternative browsers until Chrome can be updated
  • Implement network filtering to block known malicious domains hosting exploit code

🔍 How to Verify

Check if Vulnerable:

Open chrome://version (or chrome://settings/help) and read the version line; anything below 114.0.5735.110 is vulnerable. An "Update" badge in chrome://settings/help means the fix has been downloaded but the running build is still the old one until Chrome is relaunched.

Check Version:

google-chrome --version or chromium --version (Linux); /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version (macOS); reg query "HKCU\Software\Google\Chrome\BLBeacon" /v version (Windows, per-user install); or chrome://version inside the browser

Verify Fix Applied:

Confirm that the running build (chrome://version after the relaunch, not the updater's "up to date" message) reports 114.0.5735.110 or higher. Compare the four components numerically: 114.0.5735.90 is older than 114.0.5735.110 even though a plain string comparison says otherwise.
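The version comparison above is easy to get wrong in a fleet-inventory script, so here is a small POSIX shell check as an added example (not from the advisory or from Google). It assumes only that the input line contains a four-part dotted version such as the output of google-chrome --version; the fixed version 114.0.5735.110 is taken from this advisory, and the sample strings at the bottom are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed Chrome or
# Chromium build predates the fix for CVE-2023-3079 (fixed in 114.0.5735.110).
# Feed it the output of `google-chrome --version` (Linux) or any other string
# that contains a four-part dotted version.

FIXED_VERSION="114.0.5735.110"

# version_ge A B: exit 0 if dotted version A is >= B, 1 otherwise.
# Compares the four components numerically, so 114.0.5735.90 < 114.0.5735.110
# even though a plain string comparison would say the opposite.
version_ge() {
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# extract_version LINE: print the first four-part dotted version in LINE,
# e.g. "Google Chrome 114.0.5735.90" -> "114.0.5735.90"; prints nothing if
# there is none. The leading [^0-9]* keeps sed from skipping leading digits.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# check_chrome LINE: print VULNERABLE, PATCHED or UNKNOWN for a --version line.
# Exit status is 0 when a verdict was reached and 2 when no version was found.
check_chrome() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
        return 2
    fi
    if version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED"
    else
        echo "VULNERABLE"
    fi
}

# Real use on a Linux host:
#   check_chrome "$(google-chrome --version 2>/dev/null)"
# The lines below are constructed samples.
check_chrome "Google Chrome 114.0.5735.90"     # prints VULNERABLE
check_chrome "Google Chrome 114.0.5735.110"    # prints PATCHED
check_chrome "Chromium 115.0.5790.98"          # prints PATCHED
```

Run it against the --version output collected by whatever inventory tool you already have; the UNKNOWN verdict (exit status 2) flags hosts whose output did not contain a version at all, which usually means Chrome is installed somewhere the collector did not look.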

📡 Detection & Monitoring

Log Indicators:

  • Renderer crash reports (chrome://crashes, crash dumps, or the OS crash reporter) with V8 frames in the stack; a failed heap-corruption attempt usually crashes only the tab, so these are a signal of attempts rather than of success
  • Unexpected termination or respawning of Chrome renderer processes shortly after navigation to an unfamiliar site
  • Chrome processes spawning children that are not Chrome, which would indicate a successful sandbox escape rather than this bug alone

Network Indicators:

  • Requests to known exploit hosting domains
  • Unusual outbound connections from Chrome processes

SIEM Query:

source="chrome" AND (event_type="crash" OR message="*V8*")

Treat this Splunk-style query as a template: the source and field names depend on how your endpoint agent forwards browser crash data, and the V8 match must be a wildcard because crash messages never consist of the bare string "V8". Expect noise from ordinary renderer crashes; the higher-fidelity signal is the version inventory above.
