CVE-2023-2136
In short
A flaw in Chrome's graphics library (Skia) allows an attacker who already controls the browser's rendering process to escape the security sandbox and gain full system access by using a specially crafted webpage.
Technical detail
Integer overflow vulnerability in Skia graphics renderer enables sandbox escape when renderer process is compromised; attacker crafts malicious HTML to trigger the overflow, potentially escalating privileges to system level. Requires prior renderer compromise but results in critical sandbox bypass.
Summary generated and translated by AI from the official description.
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · Chrome
References
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
https://crbug.com/1432603
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
https://security.gentoo.org/glsa/202309-17
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2136
https://www.debian.org/security/2023/dsa-5393