CVE-2023-6345

2023-11-2912:15:07

Alpine Linux Development Team

security.alpinelinux.org

skia

google chrome

sandbox escape

malicious file

integer overflow

unix

cve-2023-6345

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.074 Low

EPSS

Percentile

94.1%

JSON

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchqt5-qtwebengine< 5.15.16-r3UNKNOWN
Alpineedge-communitynoarchqt6-qtwebengine< 6.6.1-r1UNKNOWN
Alpine3.19-communitynoarchqt5-qtwebengine< 5.15.16-r2UNKNOWN
Alpine3.19-communitynoarchqt6-qtwebengine< 6.6.1-r1UNKNOWN
Alpine3.20-communitynoarchqt5-qtwebengine< 5.15.16-r3UNKNOWN
Alpine3.20-communitynoarchqt6-qtwebengine< 6.6.1-r1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	qt5-qtwebengine	< 5.15.16-r3	UNKNOWN
Alpine	edge-community	noarch	qt6-qtwebengine	< 6.6.1-r1	UNKNOWN
Alpine	3.19-community	noarch	qt5-qtwebengine	< 5.15.16-r2	UNKNOWN
Alpine	3.19-community	noarch	qt6-qtwebengine	< 6.6.1-r1	UNKNOWN
Alpine	3.20-community	noarch	qt5-qtwebengine	< 5.15.16-r3	UNKNOWN
Alpine	3.20-community	noarch	qt6-qtwebengine	< 6.6.1-r1	UNKNOWN