{"vulnerability": "cve-2023-2133", "sightings": [{"uuid": "bc2e6720-2d0e-4e3e-b051-377a5275e810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21334", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwggynnn5l52", "content": "", "creation_timestamp": "2025-08-15T08:33:34.908562Z"}, {"uuid": "6dcf5594-1aeb-4e36-8b16-898dbf646189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21335", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwh4dfyhb7p2", "content": "", "creation_timestamp": "2025-08-15T14:55:12.390094Z"}, {"uuid": "5459eb96-18f7-45f1-a66f-2e8ab331f280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21332", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwhqrnwcbfz2", "content": "", "creation_timestamp": "2025-08-15T21:02:52.234642Z"}, {"uuid": "11742ccc-7cd9-4896-8ae2-6719e31cdb50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21333", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwic5ydogok2", "content": "", "creation_timestamp": "2025-08-16T02:12:11.007001Z"}, {"uuid": "ad657a7e-da55-46e2-b38a-43318d884c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21339", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwm557noq5k2", "content": "", "creation_timestamp": "2025-08-17T14:54:06.901880Z"}, {"uuid": "28b0254e-85f9-46e5-8ef5-8a0bc6f16033", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21331", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwljw7gwvei2", "content": "", "creation_timestamp": "2025-08-17T09:08:48.039681Z"}, {"uuid": "91cab359-6311-4948-b3e9-6aa56351d963", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21338", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwmsmopuzbc2", "content": "", "creation_timestamp": "2025-08-17T21:18:32.338357Z"}, {"uuid": "bae4145c-f55d-45eb-ae5c-605ce0a53998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21336", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lwo4amidkdp2", "content": "", "creation_timestamp": "2025-08-18T09:42:08.800246Z"}, {"uuid": "dd18b7c5-e797-4cb9-ab57-5749d1bcece9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21339", "type": "seen", "source": "https://t.me/cibsecurity/73156", "content": "\u203c CVE-2023-21339 \u203c\n\nIn Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T19:25:46.000000Z"}, {"uuid": "19982680-7ce9-41a5-adf4-12296564f932", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2133", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3864", "content": "\ud83d\udd30Hamer Candy Malaysian leak : https://system32.ink/hamer-candy-malaysian-leak/\n\n\ud83d\udd30Mituo China Leak : https://system32.ink/mituo-china-leak/\n\n\ud83d\udd30AdultFilmStarContent_com Leak : https://system32.ink/adultfilmstarcontent.com-leak/\n\n\ud83d\udd30CVE-2023-2133 Poc : https://system32.ink/cve-2023-2133-poc/\n\n\ud83d\udd30CVE-2023-36167 Poc : https://system32.ink/cve-2023-36167-poc/\n\n\ud83d\udd30CVE-2023-22906 Qubo Smart Doorbell device Exploit : https://system32.ink/cve-2023-22906-qubo-smart-doorbell-device-exploit/\n\n@crackcodes | System32.ink | Crackcodes.in", "creation_timestamp": "2023-07-13T21:29:03.000000Z"}, {"uuid": "af75bf64-c4b5-4768-8dd0-3e488434d0ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2133", "type": "exploited", "source": "https://t.me/kasperskyb2b/577", "content": "\ud83d\udd04 \u041d\u043e\u0432\u0430\u044f \u043d\u0435\u0434\u0435\u043b\u044f \u2014 \u043d\u043e\u0432\u044b\u0439 0day \u0432 Chrome\n\n\u0412\u0435\u0447\u0435\u0440\u043e\u043c \u0432\u043e \u0432\u0442\u043e\u0440\u043d\u0438\u043a Chrome \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438 \u0435\u0449\u0451 \u0440\u0430\u0437, \u0447\u0442\u043e\u0431\u044b \u0437\u0430\u043a\u0440\u044b\u0442\u044c 8 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 4 \u043e\u0446\u0435\u043d\u0435\u043d\u044b \u043a\u0430\u043a \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0435, \u0430 \u043e\u0434\u043d\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. CVE-2023-2133, -2134 \u0438 -2135 \u043d\u0430\u0439\u0434\u0435\u043d\u044b \u044d\u0442\u0438\u0447\u043d\u044b\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 Google \u0432\u044b\u043f\u043b\u0430\u0442\u0438\u043b \u0431\u0430\u0433 \u0431\u0430\u0443\u043d\u0442\u0438. \u041f\u0435\u0440\u0432\u044b\u0435 \u0434\u0432\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u043d\u0435\u0432\u0435\u0440\u043d\u043e\u0433\u043e \u0440\u0435\u0433\u0438\u043e\u043d\u0430 \u043f\u0430\u043c\u044f\u0442\u0438 \u0432 service worker API, \u0430 \u0442\u0440\u0435\u0442\u044c\u044f \u2014 UAF \u0432 DevTools. \u0421VE-2023-2136 \u043d\u0430\u0448\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Google TAG, \u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043a\u0442\u043e \u0438 \u043a\u0430\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442 \u044d\u0442\u043e\u0442 \u0431\u0430\u0433 \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0432 Skia, \u043a\u0440\u043e\u0441\u0441\u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435\u043d\u043d\u043e\u0439 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 2D-\u0433\u0440\u0430\u0444\u0438\u043a\u0438, \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442\u044c \u043a RCE.  \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u043c\u0430 \u0438 \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430\u0445 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Chromium \u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0432 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u0445, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 Skia.\n\n\u041d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u044b\u0448\u043b\u0438 \u0430\u043f\u0434\u0435\u0439\u0442\u044b Chrome 112.0.5615.137 \u0434\u043b\u044f  Mac,  112.0.5615.137/138 \u0434\u043b\u044f Windows \u0438 112.0.5615.165 \u0434\u043b\u044f Linux. Microsoft \u0432\u0447\u0435\u0440\u0430 \u0442\u0430\u043a\u0436\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0430 Edge \u0434\u043e 112.0.1722.54, \u0437\u0430\u043a\u0440\u044b\u0432 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c.\n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2023-04-20T14:49:40.000000Z"}, {"uuid": "ec980eed-03ed-4c2b-948d-ac3465acf59d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21335", "type": "seen", "source": "https://t.me/cibsecurity/73159", "content": "\u203c CVE-2023-21335 \u203c\n\nIn Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T19:25:50.000000Z"}, {"uuid": "cb56e922-a689-48d3-8b0b-9fe6b38fd0e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21336", "type": "seen", "source": "https://t.me/cibsecurity/73161", "content": "\u203c CVE-2023-21336 \u203c\n\nIn Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T19:25:52.000000Z"}, {"uuid": "fdcf8f62-8cbf-4e6a-8677-a5edea3e66c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21338", "type": "seen", "source": "https://t.me/cibsecurity/73157", "content": "\u203c CVE-2023-21338 \u203c\n\nIn Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T19:25:48.000000Z"}, {"uuid": "bde93c56-1830-4534-b000-d3cf495a4444", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2133", "type": "published-proof-of-concept", "source": "Telegram/ZPMcjDl_YbbDJ3etZP3BqKChdYJaSzNeePm8ZdO0d0CqNg", "content": "", "creation_timestamp": "2023-07-11T14:57:43.000000Z"}, {"uuid": "8daecb8d-77c2-4315-88ba-8fe53201b086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21334", "type": "seen", "source": "https://t.me/cibsecurity/73155", "content": "\u203c CVE-2023-21334 \u203c\n\nIn App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T19:25:45.000000Z"}, {"uuid": "720ff189-e6de-4b7b-af53-f6a351cbf11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21337", "type": "seen", "source": "https://t.me/cibsecurity/73154", "content": "\u203c CVE-2023-21337 \u203c\n\nIn InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-30T19:25:44.000000Z"}, {"uuid": "764f86c5-9663-4364-9431-44be93cf6a9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2133", "type": "seen", "source": "https://t.me/cibsecurity/62431", "content": "\u203c CVE-2023-2133 \u203c\n\nOut of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-19T07:43:14.000000Z"}]}