CVE-2023-6345

2023-11-2912:15:07

Google

osv.dev

integer overflow

skia

google chrome

sandbox escape

remote attacker

malicious file

cve-2023-6345

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

6.2 Medium

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

CPENameOperatorVersion
chromiumeq114.0.5735.90-2~deb12u1
chromiumeq113.0.5672.63-2
chromiumeq107.0.5304.68-1~deb11u1
chromiumeq106.0.5249.91-1~deb11u1
chromiumeq114.0.5735.198-1
chromiumeq117.0.5938.132-2
chromiumeq89.0.4389.114-1
chromiumeq119.0.6045.159-1
chromiumeq111.0.5563.64-1~deb11u1
chromiumeq122.0.6261.128-1

Name	Operator	Version
chromium	eq	114.0.5735.90-2~deb12u1
chromium	eq	113.0.5672.63-2
chromium	eq	107.0.5304.68-1~deb11u1
chromium	eq	106.0.5249.91-1~deb11u1
chromium	eq	114.0.5735.198-1
chromium	eq	117.0.5938.132-2
chromium	eq	89.0.4389.114-1
chromium	eq	119.0.6045.159-1
chromium	eq	111.0.5563.64-1~deb11u1
chromium	eq	122.0.6261.128-1