Chrome V8 Type Confusion

Posted on 30 June 2023

v8::internal::JSObject::SetAccessor does not check if the receiver is extensible before adding a new property. A potential attacker can exploit the ability to extend non-extensible objects to achieve arbitrary code execution inside the renderer process. Google Chrome version 113.0.5672.63 is affected.