CVE-2023-3079

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 10 articles
VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24
1.52%
probability
This CVE has a 1.52% probability of being exploited in the next 30 days.
0% Top 81.5th percentile of all CVEs 100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero
Type confusion in V8

Attack Intelligence

Google Project Zero

Discovered
June 1, 2023
Patched
June 5, 2023
Reported by
Clément Lecigne of Google's Threat Analysis Group
Root Cause Analysis
???

Exploits & PoC

mistymntncop/CVE-2023-3079

PoC CVE-2023-3079 — mistymntncop/CVE-2023-3079

131
1 repo — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
92%
EPSS 1.52%
Mentions 10
Last Seen Jan 16, 2024

CNA Information

Analyst Note

CVE-2023-3079 is a confirmed high-severity type confusion vulnerability in Chrome's V8 engine with active exploitation documented in the wild, as evidenced by multiple reports of it being actively exploited in 2024. The vulnerability carries a CVSS 3.0 score of 8.8 (HIGH) and was formally patched by Google in Chrome 114.0.5735.110, with official coverage from security authorities including CERT-EU.

Threat Actors 7

Lazarus Group
apt_group Information theft and espionage 🇰🇵 KP
APT 28
apt_group Information theft and espionage 🇷🇺 RU
Infy
apt_group Information theft and espionage 🇮🇷 IR
APT24
apt_group Information theft and espionage 🇨🇳 CN
UNC1549
apt_group Information theft and espionage 🇮🇷 IR
PassCV
apt_group Information theft and espionage 🇨🇳 CN
APT 5
apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 03, 2026