CVE-2023-6345 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2023-6345?

CVE-2023-6345 is a high-severity vulnerability affecting Google Chrome versions prior to 119.0.6045.199, as well as certain Debian Linux and Fedora versions. This vulnerability is caused by an integer overflow in the Skia component of the browser, which could potentially allow a remote attacker to perform a sandbox escape via a malicious file. Users are advised to update their systems to the latest version of Chrome or the appropriate Linux distribution to mitigate the risk.

Who is impacted by CVE-2023-6345?

This issue impacts Chrome versions before 119.0.6045.199, as well as specific versions of Debian Linux and Fedora. Chromium-based Microsoft Edge versions before 119.0.2151.97 are also affected. In simpler terms, if you're using an older version of Chrome, an older version of Edge, or certain Linux distributions, your system could be at risk.

What should I do if I’m affected?

If you're affected by the CVE-2023-6345 vulnerability, it's crucial to take action to secure your system. Update Google Chrome to version 119.0.6045.199 or later. If you're using Microsoft Edge Chromium, update to version 119.0.2151.97 or later. For Debian Linux and Fedora users, install the latest security updates available for your distribution. Check the Fedora 38 Update and Fedora 37 Update announcements for more information.
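
The version check implied above can be automated across a fleet. The following is an added example, not code from Twingate or Google: it compares browser versions against the fixed builds named on this page. The inventory format (`host,product,version`), the product keys `chrome` and `edge`, and the sample rows are constructed for illustration.

```python
import re

# Fixed builds as stated in this advisory.
FIXED = {
    "chrome": (119, 0, 6045, 199),
    "edge": (119, 0, 2151, 97),
}

VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    text = text.strip()
    if not VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(product, version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one install."""
    fixed = FIXED.get(product.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # untracked product or unparseable version: review by hand
    # Compare numerically, field by field. A plain string comparison would
    # rank "119.0.6045.99" above "119.0.6045.199" and miss the host.
    return "vulnerable" if version < fixed else "patched"

def audit(inventory):
    """Classify every 'host,product,version' row; malformed rows become 'unknown'."""
    results = []
    for line in inventory.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            results.append((line.strip(), "unknown"))
            continue
        host, product, version = fields
        results.append((host, classify(product, version)))
    return results

# Constructed sample inventory (hypothetical hosts and builds).
SAMPLE = """
ws-01,chrome,119.0.6045.199
ws-02,chrome,119.0.6045.99
ws-03,edge,119.0.2151.93
ws-04,edge,120.0.2210.61
ws-05,chrome,not-installed
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unverified, not as patched.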

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2023-6345 vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog. It is named "Google Skia Integer Overflow Vulnerability" and was added on November 30, 2023. The due date for taking action is December 21, 2023. To address this vulnerability, users should apply the recommended mitigations or stop using the affected product if no mitigations are available.

Weakness Enumeration

This vulnerability is classified as CWE-190, an integer overflow, located in the Skia component of Google Chrome.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or refer to the sources below.
