Will CVE-2023-2033 affect Chrome only, or all V8 based JS engines?

[stevefan1999-personal]

It is said that you can confuse types in V8 that happens to be exploitable if you have a sussy web page:

Type confusion in V8 in Google Chrome before 112.0.5615.121 allowed a remote attacker to exploit heap corruption via a crafted HTML page potentially.

I wonder if this can be reproduced without using a sussy web page but close to it, say like inside of a JSDOM/isomorphic web page situation. Or maybe we can just make a simpler reproduction case that does proved to work universally among all JS engine.

[andreubotella]

I don't work at the Deno company and have no more information about this security vulnerability than is publicly available... but looking at the patch that fixes this vulnerability, I believe it is very likely to affect Deno. All versions of Deno (including 1.32.5, the latest released) have a vulnerable version of V8.