CVE-2023-4762

8.8 HIGH

📋 TL;DR

This is a type confusion vulnerability in Chrome's V8 JavaScript engine that allows remote attackers to execute arbitrary code by tricking the browser into misinterpreting object types. It affects all users running Chrome versions before 116.0.5845.179. Attackers can exploit this via malicious websites to potentially take full control of the victim's browser.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 116.0.5845.179
Operating Systems: Windows, Linux, macOS, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations are vulnerable. Chromium-based browsers like Microsoft Edge, Brave, etc. may also be affected if using vulnerable V8 versions.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary code execution, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Browser compromise allowing session hijacking, credential theft, and installation of malicious extensions or malware.

🟢 If Mitigated

Impact is limited by browser sandboxing, but a sandbox escape could still lead to system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious site) but no authentication. Type confusion vulnerabilities in V8 have historically been weaponized in exploit chains.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 116.0.5845.179 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

Restart Required: Yes

Instructions:

1. Open Chrome.
2. Click three dots menu → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript execution in Chrome to prevent exploitation

chrome://settings/content/javascript → Block

Use Site Isolation

all

Enable site isolation to contain potential exploitation

chrome://flags/#site-isolation-trial-opt-out → Disabled

🧯 If You Can't Patch

  • Use alternative browsers until patching is possible
  • Implement network filtering to block known malicious sites and restrict browsing

🔍 How to Verify

Check if Vulnerable:

Check the Chrome version in About Google Chrome (three dots menu → Help → About Google Chrome). If the version is below 116.0.5845.179, you are vulnerable.

Check Version:

Linux: google-chrome --version
Windows: "C:\Program Files\Google\Chrome\Application\chrome.exe" --version

Verify Fix Applied:

Verify Chrome version is 116.0.5845.179 or higher in About Google Chrome.
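
An added example (not part of the original advisory page) that automates the check above: it parses `--version` output and compares each field as an integer against 116.0.5845.179, because a plain string comparison would rank 116.0.5845.96 above the fixed build. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Chrome version string against the fixed build.
FIXED="116.0.5845.179"   # patch version stated in the advisory above

# extract_version TEXT: print the first four-part dotted version found in
# text such as "Google Chrome 116.0.5845.96 " (empty output if none).
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# version_lt A B: succeed (status 0) only if A is strictly older than B.
version_lt() {
    a=$1 b=$2
    old_ifs=$IFS; IFS=.
    set -- $a; a1=$1 a2=$2 a3=$3 a4=$4
    set -- $b; b1=$1 b2=$2 b3=$3 b4=$4
    IFS=$old_ifs
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3" "$a4:$b4"; do
        x=${pair%%:*}; y=${pair##*:}
        [ "$x" -lt "$y" ] && return 0   # older field: vulnerable
        [ "$x" -gt "$y" ] && return 1   # newer field: patched
    done
    return 1                            # identical version: patched
}

# classify TEXT: print "VULNERABLE <v>", "PATCHED <v>" or "UNKNOWN".
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "UNKNOWN"
    elif version_lt "$v" "$FIXED"; then echo "VULNERABLE $v"
    else echo "PATCHED $v"; fi
}

# Constructed sample lines (not captured from real hosts).
# On a Linux host: classify "$(google-chrome --version)"
for line in "Google Chrome 116.0.5845.96" "Google Chrome 116.0.5845.179" \
            "Google Chrome 117.0.5938.62" "Chromium 115.0.5790.170 snap"; do
    printf '%-32s %s\n' "$line" "$(classify "$line")"
done
```

Other Chromium-based browsers use their own version numbering, so this comparison applies only to Chrome and Chromium builds.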

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with V8-related errors
  • Unexpected Chrome process termination
  • Suspicious extension installations

Network Indicators:

  • Connections to known malicious domains serving exploit code
  • Unusual outbound traffic from Chrome processes

SIEM Query:

source="chrome_logs" AND ("V8" OR "type confusion" OR "access violation")
