CVE-2023-6350 – This is a use-after-free vulnerability in Chrom... (How to Fix)

Q: What is the severity of CVE-2023-6350?

CVE-2023-6350 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in Chrome's libavif library that allows remote attackers to potentially exploit heap corruption via crafted AVIF image files. Attackers could execute arbitrary code or cause crashes. All Chrome users prior to version 119.0.6045.199 are affected.

📋 TL;DR

This is a use-after-free vulnerability in Chrome's libavif library that allows remote attackers to potentially exploit heap corruption via crafted AVIF image files. Attackers could execute arbitrary code or cause crashes. All Chrome users prior to version 119.0.6045.199 are affected.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: Prior to 119.0.6045.199

Operating Systems: Windows, macOS, Linux, ChromeOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default Chrome installations are vulnerable. Embedded Chromium in other applications may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within Chrome's sandbox.

🟢

If Mitigated

No impact if Chrome is fully patched or if AVIF file handling is disabled.

🌐 Internet-Facing: HIGH - Attackers can host malicious AVIF files on websites or deliver via email/ads.

🏢 Internal Only: MEDIUM - Requires user interaction (opening malicious file) but could spread via internal documents.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user to open a malicious AVIF file, but no authentication is needed. Heap corruption exploitation requires specific conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 119.0.6045.199 and later

Vendor Advisory: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click three dots menu → Help → About Google Chrome. 3. Chrome will automatically check for and install update. 4. Click 'Relaunch' to restart Chrome.

🔧 Temporary Workarounds

Disable AVIF image rendering

all

Prevent Chrome from processing AVIF files via enterprise policy or flags

chrome://flags/#enable-avif
Set to 'Disabled'

Block AVIF downloads

all

Use network filtering to block .avif files

🧯 If You Can't Patch

Use alternative browser without vulnerable libavif version
Implement application whitelisting to block Chrome execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: chrome://version/ - if version is less than 119.0.6045.199, system is vulnerable.

Check Version:

chrome://version/ or 'google-chrome --version' on Linux/macOS

Verify Fix Applied:

Confirm Chrome version is 119.0.6045.199 or higher via chrome://version/

📡 Detection & Monitoring

Log Indicators:

Chrome crash reports
Windows Event Logs: Application Error for chrome.exe

Network Indicators:

Unusual downloads of .avif files
Requests to suspicious image hosting domains

SIEM Query:

source="chrome_crash_logs" AND message="libavif" OR source="windows_security" AND event_id=1000 AND process_name="chrome.exe"

📊 Metadata

CVE ID: CVE-2023-6350

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: November 29, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6350, you might also want to check these: