Integer Overflow Vulnerability in Google Chrome for Renderer Process
CVE-2023-6345
What is CVE-2023-6345?
An integer overflow vulnerability exists in the Skia graphics library used by Google Chrome. This issue allows an attacker with control over the renderer process to potentially perform a sandbox escape via a maliciously crafted file. This could lead to unauthorized access to system resources, so users should update their Chrome installations to the latest version to mitigate the risk.
CISA has reported CVE-2023-6345
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-6345 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Chrome 119.0.6045.199
News Articles
Google releases emergency patches for eighth Chrome zero-day of 2023
Security pros say while it’s unfortunate Google found another zero-day, the company released a patch within a day.
Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) - Help Net Security
Google has released an update to fix a number of vulnerabilities in Chrome browser, including an exploited zero-day (CVE-2023-6345).

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
Google released security updates for Chrome to fix seven issues, including an actively exploited zero-day vulnerability (CVE-2023-6345).
Timeline
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- 📰 First article discovered by BleepingComputer
- Vulnerability Reserved