{"vulnerability": "CVE-2023-4069", "sightings": [{"uuid": "63743380-c30d-4398-bde3-4a3a1c18f342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "seen", "source": "https://t.me/true_secator/4689", "content": "Google \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 Chrome 115 \u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 17 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 11 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0442\u0440\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u044b \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 V8 JavaScript \u0438 WebAssembly, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u0440\u0438\u043d\u0435\u0441\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0431\u043e\u043b\u0435\u0435 60 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u044f.\n\n43 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0443\u0448\u043b\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u043f\u043e \u0438\u043c\u0435\u043d\u0438 \u0414\u0436\u0435\u0440\u0440\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e \u0434\u0432\u0443\u0445 \u0438\u0437 \u044d\u0442\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c V8, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0445 \u043a\u0430\u043a CVE-2023-4068 \u0438 CVE-2023-4070.\n\n\u041d\u0430\u0433\u0440\u0430\u0434\u0430 \u0437\u0430 \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0440\u0430\u0437\u043c\u0435\u0440\u0435 21 000 \u0434\u043e\u043b\u043b\u0430\u0440\u043e\u0432 \u0421\u0428\u0410 \u0431\u044b\u043b\u0430 \u043f\u0440\u0438\u0441\u0443\u0436\u0434\u0435\u043d\u0430 \u041c\u0430\u043d \u042e\u044d \u041c\u043e \u0438\u0437 GitHub Security Lab \u0437\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 \u043e\u0431 \u043e\u0448\u0438\u0431\u043a\u0435 \u0432 WebAssembly, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u043a\u0430\u043a CVE-2023-4069.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Chrome \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u0448\u0435\u0441\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\u00a0\u0421\u0443\u0434\u044f \u043f\u043e \u0441\u0443\u043c\u043c\u0430\u043c \u0432\u043e\u0437\u043d\u0430\u0433\u0440\u0430\u0436\u0434\u0435\u043d\u0438\u0439, \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0438\u0437 \u043d\u0438\u0445 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f CVE-2023-4071, \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0431\u0443\u0444\u0435\u0440\u0430 \u043a\u0443\u0447\u0438 \u0432 Visuals.\n\n\u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0439 \u043f\u043e \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0441\u0442\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 WebGL (CVE-2023-4072), \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0443\u0440\u043e\u0432\u043d\u044f \u0430\u0431\u0441\u0442\u0440\u0430\u043a\u0446\u0438\u0438 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0434\u0432\u0438\u0436\u043a\u0430 ANGLE (CVE-2023-4073).\n\n\u041e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0435 \u0442\u0440\u0438 \u0434\u0435\u0444\u0435\u043a\u0442\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043e \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0430\u043b\u043e\u0441\u044c \u0438\u0437\u0432\u043d\u0435, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u043f\u043b\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u0437\u0430\u0434\u0430\u0447 Blink, Cast \u0438 WebRTC.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f Chrome \u0442\u0430\u043a\u0436\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0434\u0432\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f\u0445 \u0438 \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442\u0441\u044f \u043a\u0430\u043a 115.0.5790.170 \u0434\u043b\u044f Mac \u0438 Linux \u0438 115.0.5790.170/.171 \u0434\u043b\u044f Windows.", "creation_timestamp": "2023-08-03T15:05:05.000000Z"}, {"uuid": "a7f5efbc-1e58-4941-8594-c17fff780d82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13080", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 An Introduction to Chrome Exploitation - Maglev Edition. The post includes CVE-2023-4069.\n\nhttps://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/", "creation_timestamp": "2024-06-07T22:53:57.000000Z"}, {"uuid": "41493e0e-6a16-493b-ab95-ff1ab8000662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "seen", "source": "https://t.me/arpsyndicate/2674", "content": "#ExploitObserverAlert\n\nCVE-2023-4069\n\nDESCRIPTION: Exploit Observer has 8 entries related to CVE-2023-4069. Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\nFIRST-EPSS: 0.002220000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-08T19:47:48.000000Z"}, {"uuid": "3892264f-299f-4de1-826c-9bbb906fb75b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3477", "content": "https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/\nCVE-2023-4069", "creation_timestamp": "2023-10-26T06:10:31.000000Z"}, {"uuid": "94186263-0726-4ff4-9d18-37e32f329e3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1362", "content": "https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/\nCVE-2023-4069", "creation_timestamp": "2023-10-26T13:37:24.000000Z"}, {"uuid": "e8c199c2-d19b-40a7-ae9c-338d5130d9ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-40692", "type": "seen", "source": "https://t.me/ctinow/158732", "content": "https://ift.tt/dXoAj01\nCVE-2023-40692 | IBM DB2/DB2 Connect Server 10.5/11.1/11.5 resource consumption (XFDB-264807)", "creation_timestamp": "2023-12-23T08:38:47.000000Z"}, {"uuid": "c29b2bd9-caaf-4d11-a40d-cefa27acb79f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9265", "content": "#exploit\n1. CVE-2023-4069:\nGetting RCE in Chrome with incomplete object initialization in the Maglev compiler\nhttps://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler\n\n2. CVE-2022-23131:\nZabbix SAML Bypass\nhttps://github.com/Mr-xn/cve-2022-23131\n]-&gt; https://github.com/r10lab/CVE-2022-23131", "creation_timestamp": "2023-10-26T10:59:01.000000Z"}, {"uuid": "70504d2a-5500-4ee9-bc70-8b4ca318f797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4069", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1546", "content": "#exploit\n1. CVE-2023-4069:\nGetting RCE in Chrome with incomplete object initialization in the Maglev compiler\nhttps://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler\n\n2. CVE-2022-23131:\nZabbix SAML Bypass\nhttps://github.com/Mr-xn/cve-2022-23131\n]-&gt; https://github.com/r10lab/CVE-2022-23131", "creation_timestamp": "2024-08-16T08:40:07.000000Z"}]}