What is the severity of CVE-2023-2133?

The severity of CVE-2023-2133 is High.

How can a remote attacker exploit CVE-2023-2133?

A remote attacker can potentially exploit CVE-2023-2133 by using a crafted HTML page to exploit heap corruption in the Service Worker API.

Which software is affected by CVE-2023-2133?

The following software is affected by CVE-2023-2133: Google Chrome prior to 112.0.5615.137, Microsoft Edge (Chromium-based), Microsoft Edge version 112.0.1722.58, Debian Debian Linux version 11.0, Fedoraproject Fedora versions 36, 37, and 38.

Is there a fix available for CVE-2023-2133?

Yes, the fix for CVE-2023-2133 is available in Google Chrome version 112.0.5615.137.

Where can I find more information about CVE-2023-2133?

You can find more information about CVE-2023-2133 at the following references: [1](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2133), [2](https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html), [3](https://crbug.com/1429197).

Vulnerability/
CVE-2023-2133

high

8.8

CWE

787

30/3/2023

19/4/2023

7/10/2024

CVE-2023-2133: Out of bounds memory access in Service Worker API

First published: Thu Mar 30 2023(Updated: )

<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2023">Google Chrome Releases</a> for more information.</p>

Credit: Rong Jian VRI chrome-cve-admin@google.com chrome-cve-admin@google.com

Affected Software	Affected Version	How to fix
	<112.0.5615.137	112.0.5615.137
Google Chrome	<112.0.5615.137
Debian Debian Linux	=11.0
Fedoraproject Fedora	=36
Fedoraproject Fedora	=37
Fedoraproject Fedora	=38
Microsoft Edge (Chromium-based)		fix available externally
Microsoft Edge	<112.0.1722.58
debian/chromium	<=90.0.4430.212-1~deb10u1	116.0.5845.180-1~deb11u1 119.0.6045.123-1~deb11u1 116.0.5845.180-1~deb12u1 119.0.6045.123-1~deb12u1 119.0.6045.105-1 119.0.6045.123-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

2950018165594373010

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2023-2133?
The severity of CVE-2023-2133 is High.
How can a remote attacker exploit CVE-2023-2133?
A remote attacker can potentially exploit CVE-2023-2133 by using a crafted HTML page to exploit heap corruption in the Service Worker API.
Which software is affected by CVE-2023-2133?
The following software is affected by CVE-2023-2133: Google Chrome prior to 112.0.5615.137, Microsoft Edge (Chromium-based), Microsoft Edge version 112.0.1722.58, Debian Debian Linux version 11.0, Fedoraproject Fedora versions 36, 37, and 38.
Is there a fix available for CVE-2023-2133?
Yes, the fix for CVE-2023-2133 is available in Google Chrome version 112.0.5615.137.
Where can I find more information about CVE-2023-2133?
You can find more information about CVE-2023-2133 at the following references: [1](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2133), [2](https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html), [3](https://crbug.com/1429197).

collector/msrc-cve
collector/msrc
collector/security-tracker-debian
agent/type
agent/first-publish-date
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/title
agent/author
agent/severity
agent/weakness
agent/references
collector/chrome-releases
agent/software-canonical-lookup
agent/description
agent/tags
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft edge
package-manager/debian
vendor/google
canonical/google chrome
vendor/debian
canonical/debian debian linux
version/debian debian linux/11.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/36
version/fedoraproject fedora/37
version/fedoraproject fedora/38
canonical/microsoft edge (chromium-based)