HTTP: Google Chrome V8 Engine JSStackCheck Type Confusion

A type confusion vulnerability has been reported in the V8 JavaScript engine of Google Chrome. The vulnerability is due to incorrect side effect modelling of JSStackCheck. A remote attacker could exploit this vulnerability by enticing a user into opening a crafted HTML page. Successful exploitation could result in execution of arbitrary code in the context of the Google Chrome sandbox.

Extended Description

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected Products

Debian debian_linux

References

CVE: CVE-2023-3420

Short Name
HTTP:CTS:CHROME-ENGINE-TYPE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-3420 Chrome Confusion Engine Google JSStackCheck Type V8
Release Date
11/17/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3800
False Positive
Unknown
Vendors

Google

Debian

Found a potential security threat?