PT-2023-7236 · Google+4 · Google Chrome+5

Benoît Sevens

Publicado

2023-11-28

Atualizado

2026-03-26

CVE-2023-6345

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 119.0.6045.199

Description The issue is related to an integer overflow in the Skia graphics library of Google Chrome, allowing a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a malicious file. The severity of this issue is high. It has been reported that an exploit for this issue exists in the wild and has been actively exploited by hackers. Google has released an emergency security update to address this zero-day vulnerability.

Recommendations For Google Chrome versions prior to 119.0.6045.199, update to version 119.0.6045.199 or later to fix the integer overflow vulnerability in the Skia graphics library. As a temporary workaround, consider restricting access to potentially malicious files until the update is applied.

Exploit

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2023-8110

ALT-PU-2023-8370

ALT-PU-2024-10294

ALT-PU-2024-14286

ALT-PU-2024-14830

BDU:2023-08264

CVE-2023-6345

DSA-5569-1

OPENSUSE-SU-2023:0387-1

OPENSUSE-SU-2023:0396-1

OPENSUSE-SU-2023:0397-1

OPENSUSE-SU-2023_0396-1

OPENSUSE-SU-2023_0397-1

OPENSUSE-SU-2024:13473-1

OPENSUSE-SU-2024:13481-1

OPENSUSE-SU-2024:13483-1

OPENSUSE-SU-2024:14001-1

Produtos afetados

Alt Linux

Astra Linux

Google Chrome

Red Os

Skia

Suse

PT-2023-7236 · Google+4 · Google Chrome+5

CVE-2023-6345

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 113