CVE-2023-6345
📋 TL;DR
This CVE describes an integer overflow vulnerability in Skia (Chrome's graphics engine) that allows an attacker who has already compromised Chrome's renderer process to potentially escape the browser sandbox. It affects Google Chrome versions prior to 119.0.6045.199. Users who visit malicious websites or open malicious files could be impacted.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Edge Chromium by Microsoft
Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via sandbox escape leading to arbitrary code execution with system privileges.
Likely Case
Limited impact requiring prior renderer compromise; most likely used in multi-stage attacks to elevate privileges after initial access.
If Mitigated
If Chrome is fully patched, no impact. With proper network segmentation and endpoint protection, lateral movement would be limited.
🎯 Exploit Status
Requires chaining with renderer compromise; sandbox escape adds complexity but is feasible for skilled attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 119.0.6045.199 and later
Vendor Advisory: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
Restart Required: Yes
Instructions:
1. Open Chrome. 2. Click three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and apply updates. 4. Restart Chrome when prompted.
🔧 Temporary Workarounds
Disable Chrome auto-updates (temporary)
linuxPrevent Chrome from updating automatically while investigating compatibility issues (not recommended long-term).
sudo apt-mark hold google-chrome-stable
🧯 If You Can't Patch
- Restrict Chrome to trusted websites only using browser policies or extensions.
- Deploy application whitelisting to block unauthorized Chrome execution.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: if below 119.0.6045.199, it's vulnerable.Check Version:
google-chrome --versionVerify Fix Applied:
Confirm Chrome version is 119.0.6045.199 or higher.📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with sandbox-related errors
- Unexpected Chrome child process termination
Network Indicators:
- Unusual outbound connections from Chrome processes
- Traffic to known exploit hosting domains
SIEM Query:
process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) AND description:"sandbox"🔗 References
- https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
- https://crbug.com/1505053
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/
- https://security.gentoo.org/glsa/202401-34
- https://www.debian.org/security/2023/dsa-5569
- https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
- https://crbug.com/1505053
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ/
- https://security.gentoo.org/glsa/202401-34
- https://www.debian.org/security/2023/dsa-5569
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-6345
