Getting RCE in Chrome with incomplete object initialization in the Maglev compiler

In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) inside Chrome's renderer sandbox from a single visit to a malicious site.


Source: The GitHub Blog
