CVE-2023-6345
Key Information
- Vendor
- Status
- Chrome
- Vendor
- CVE Published:
- 29 November 2023
Badges
Summary
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-6345 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome < 119.0.6045.199
News Articles
Google releases emergency patches for eighth Chrome zero-day of 2023
Security pros say while it’s unfortunate Google found another zero-day, the company released a patch within a day.
9 months ago
Help Net Security CVE-2023-6345Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) - Help Net Security
Google has released an update to fix a number of vulnerabilities in Chrome browser, including an exploited zero-day (CVE-2023-6345).
10 months ago
The Hacker News CVE-2023-6345Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Google released security updates for Chrome to fix seven issues, including an actively exploited zero-day vulnerability (CVE-2023-6345).
10 months ago
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability published.
First article discovered by BleepingComputer
Vulnerability Reserved.