CVE-2023-6345

Published: Nov 29, 2023Modified: Oct 24, 2025CISA KEV

9.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 6.0

Source: NVD

Description

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Affected (7)

Products: Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora · Microsoft: Edge Chromium

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 119.0.6045.199

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 12.0
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Edge Chromium	Before 119.0.2151.97

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (15)

https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

Source: chrome-cve-admin@google.com

Release Notes

https://crbug.com/1505053

Source: chrome-cve-admin@google.com

Permissions Required

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/

Source: chrome-cve-admin@google.com

Broken LinkMailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/

Source: chrome-cve-admin@google.com

Broken LinkMailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/

Source: chrome-cve-admin@google.com

Broken LinkMailing List

https://security.gentoo.org/glsa/202401-34

Source: chrome-cve-admin@google.com

Third Party Advisory

https://www.debian.org/security/2023/dsa-5569

Source: chrome-cve-admin@google.com

Mailing List

https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://crbug.com/1505053

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkMailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkMailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkMailing List

https://security.gentoo.org/glsa/202401-34

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2023/dsa-5569

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6345

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.