CVE-2023-6702: 
vulnerability analysis and mitigation

Type confusion vulnerability (CVE-2023-6702) was discovered in V8 engine of Google Chrome versions prior to 120.0.6099.109. The vulnerability was reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on November 10, 2023, and was publicly disclosed on December 12, 2023. This high-severity vulnerability affects Google Chrome, Microsoft Edge, and other Chromium-based browsers (Chrome Release, NVD).

The vulnerability is classified as a Type Confusion (CWE-843) in the V8 JavaScript engine that could potentially lead to heap corruption when triggered by a crafted HTML page. It received a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no privileges required, though user interaction is needed (NVD).

If successfully exploited, this vulnerability could lead to heap corruption, potentially allowing an attacker to execute arbitrary code within the context of the browser. The high CVSS score indicates that the vulnerability could compromise the confidentiality, integrity, and availability of the affected system (NVD).

Google released version 120.0.6099.109 of Chrome to address this vulnerability. Users and administrators are advised to upgrade to this version or later. The fix was also implemented in Microsoft Edge version 120.0.2210.133 and other Chromium-based browsers (Chrome Release, Gentoo Advisory).