Known Exploited Vulnerability in Google Skia Integer Overflow - 20231201001

Overview

The WA SOC has been made aware of a high severity vulnerability, whereby an integer overflow in Skia in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.

What is the vulnerability?

CVE-2023-6345 - CVSS v3 Base Score: N.A

What is vulnerable?

The vulnerability affects the following products:

• Chromium Fedora 38, version prior to 119.0.6045.199
• Chromium Fedora 39, version prior to 119.0.6045.199

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer Patch Management):

• Fedora 38 Update: chromium-119.0.6045.199
• Fedora 39 Update: chromium-119.0.6045.199

Additional References

• Chrome Release
• CVE Mitre