CVE-2023-6345
CVE-2023-6345
In short
A mathematical error in Chrome's graphics engine allowed attackers who gained control of the browser's renderer to break out of Chrome's security sandbox using a specially crafted file. This is critical because it lets attackers access your entire computer.
Technical detail
Integer overflow in Skia graphics library allows sandbox escape when renderer process is compromised. Attack requires prior renderer compromise and malicious file delivery; successful exploitation grants system-level code execution beyond sandbox boundaries.
Summary generated and translated by AI from the official description.
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.htmlhttps://crbug.com/1505053https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/https://security.gentoo.org/glsa/202401-34https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6345https://www.debian.org/security/2023/dsa-5569