Google Chrome Skia Integer Overflow Vulnerability

In Google Chrome prior to 112.0.5615.137, integer overflow in Skia allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Chromium Security Severity is classified as "high".

Technical Details

-

Affected Systems

Configuration 1:

  • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* (up to (excluding) 112.0.5615.137)

Configuration 2:

  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

IoCs

-

Recommended Solution(s)

This CVE is in CISA's Known Exploited Vulnerabilities Catalog.
Please refer to CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Mitigations

-

CVE / CWE

CVE-2023-2136

Related Website(s)

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.