CVE-2023-2033

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 13 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

22.79%

probability

This CVE has a 22.79% probability of being exploited in the next 30 days.

0% Top 96.0th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Type confusion in V8

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-704 · Incorrect Type Conversion CWE-843 · Type Confusion

Google Project Zero

Discovered

April 11, 2023

Patched

April 14, 2023

Reported by

Clement Lecigne of the Google Threat Analysis Group

Root Cause Analysis

???

Exploits & PoC

mistymntncop/CVE-2023-2033

PoC CVE-2023-2033 — mistymntncop/CVE-2023-2033

sandumjacob/CVE-2023-2033-Analysis

A collection of resources and information about CVE-2023-2033

2 repos — triés par ⭐ Rechercher sur GitHub ↗

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

TheHackerNews

Google fixes first actively exploited Chrome zero-day of 2024

BleepingComputer Jan 16, 2024

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

TheHackerNews

Google fixes new Chrome zero-day flaw with exploit in the wild

BleepingComputer Jun 06, 2023

Google patches another actively exploited Chrome zero-day

BleepingComputer Apr 19, 2023

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

TheHackerNews

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

TheHackerNews

Google Chrome emergency update fixes first zero-day of 2023

BleepingComputer Apr 14, 2023

Google fixes 8th Chrome zero-day exploited in attacks this year

BleepingComputer Dec 20, 2023

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

TheHackerNews

Google Chrome emergency update fixes 7th zero-day exploited in 2023

BleepingComputer Nov 28, 2023

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

TheHackerNews

Security Advisory 2023-024

CERT-EU Apr 18, 2023

Signal Intelligence

Confidenceⓘ

92%

EPSS 22.79%

Mentions 13

Last Seen Jan 16, 2024

CNA Information

Analyst Note

CVE-2023-2033 is confirmed as a high-severity type confusion vulnerability in Chrome V8 with active exploitation documented by multiple reputable sources including BleepingComputer reporting it as an actively exploited zero-day. The high CVSS score (8.8), official vendor disclosure, and evidence of real-world attacks provide strong confirmation of this vulnerability's legitimacy and severity.

Threat Actors 6

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Infy

apt_group Information theft and espionage 🇮🇷 IR

APT24

apt_group Information theft and espionage 🇨🇳 CN

UNC1549

apt_group Information theft and espionage 🇮🇷 IR

PassCV

apt_group Information theft and espionage 🇨🇳 CN

APT 5

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 03, 2026