Google Chrome Skia Integer Overflow Vulnerability - 20230426002

Overview

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

What is the vulnerability?

• CVE-2023-2136 - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137

What is vulnerable?

The vulnerability affects the following products:

• Google Chrome versions prior to 112.0.5615.137

What has been observed?

• Google is aware that an exploit for CVE-2023-2136 exists in the wild.
• CISA has listed this vulnerabilty in their Known Exploited Vulnerabilties Catalog

Recommendation

CISA has issued an alert for the vulnerability and encourages users and administrators to review the advisory and apply the relevant updates.

Additional References

• https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html?m=1
• https://nvd.nist.gov/vuln/detail/CVE-2023-2136#VulnChangeHistorySection
• https://www.cve.org/CVERecord?id=CVE-2023-2136