CVE-2023-6345 Overview
CVE-2023-6345 is a critical integer overflow vulnerability in the Skia graphics library used by Google Chrome. This vulnerability affects Chrome versions prior to 119.0.6045.199 and allows a remote attacker who has already compromised the renderer process to potentially escape the browser sandbox via a malicious file. The vulnerability has been actively exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Critical Impact
This vulnerability enables sandbox escape from a compromised renderer process, potentially allowing attackers to execute arbitrary code outside the browser's security boundaries. Active exploitation has been confirmed in the wild.
Affected Products
- Google Chrome (versions prior to 119.0.6045.199)
- Microsoft Edge Chromium (Chromium-based versions)
- Debian Linux 11.0 and 12.0
- Fedora 37, 38, and 39
Discovery Timeline
- 2023-11-29 - CVE-2023-6345 published to NVD
- 2025-10-24 - Last updated in NVD database
Technical Details for CVE-2023-6345
Vulnerability Analysis
The vulnerability resides in Skia, the open-source 2D graphics library that serves as the graphics engine for Chrome, Android, and numerous other applications. Skia handles rendering operations including text, shapes, and images. The integer overflow condition (CWE-190) occurs when arithmetic operations on integer values exceed the maximum representable value, causing the result to wrap around to an unexpected smaller value.
In the context of this vulnerability, the integer overflow can lead to incorrect memory allocation sizes or buffer calculations within Skia's rendering pipeline. When an attacker has already gained code execution within the renderer process (through another vulnerability or attack chain), they can craft a malicious file that triggers this integer overflow condition. The resulting memory corruption can then be leveraged to escape Chrome's sandbox and execute code with higher privileges on the victim's system.
Root Cause
The root cause is an integer overflow vulnerability (CWE-190) within the Skia graphics library. When processing specially crafted graphical data, integer values used in memory size calculations can overflow, leading to undersized buffer allocations. Subsequent operations that write data based on the original (pre-overflow) calculations can then corrupt adjacent memory regions, providing primitives for sandbox escape.
Attack Vector
The attack requires network access and user interaction, typically through convincing a user to open a malicious file or visit a compromised website. The attack chain involves:
- Initial compromise of the Chrome renderer process through a separate vulnerability or exploit
- Delivery of a malicious file containing crafted graphical data designed to trigger the integer overflow in Skia
- Exploitation of the resulting memory corruption to escape the Chrome sandbox
- Execution of arbitrary code outside the sandboxed environment with the privileges of the browser process
In CVSS terms, the scope is Changed, meaning a successful exploit can impact resources beyond the vulnerable component's security scope. This is characteristic of sandbox escape vulnerabilities, where the attacker breaks out of the constrained renderer environment.
Detection Methods for CVE-2023-6345
Indicators of Compromise
- Unusual Chrome or Chromium-based browser crashes, particularly when processing graphical content
- Unexpected child processes spawned by browser processes with elevated privileges
- Anomalous memory access patterns or segmentation faults in Skia-related components
- Browser process attempting to access system resources outside normal sandbox boundaries
Detection Strategies
- Monitor for Chrome versions older than 119.0.6045.199 across the enterprise environment
- Implement endpoint detection rules for sandbox escape behaviors, such as renderer processes accessing restricted system resources
- Deploy browser version compliance checks through asset management tools
- Enable Chrome's built-in crash reporting and monitor for Skia-related crash signatures
Monitoring Recommendations
- Review browser update deployment status across all managed endpoints
- Monitor security advisories from Google Chrome, Microsoft Edge, and Linux distribution security teams
- Track CISA KEV catalog updates for related vulnerabilities in the Chromium attack chain
- Implement network monitoring for known malicious domains associated with CVE-2023-6345 exploitation campaigns
How to Mitigate CVE-2023-6345
Immediate Actions Required
- Update Google Chrome to version 119.0.6045.199 or later immediately
- Update Microsoft Edge to the latest Chromium-based version that includes the patch
- Apply security updates for Debian Linux (DSA-5569) and Fedora distributions
- Prioritize patching due to confirmed active exploitation in the wild
Patch Information
Google has released a security update addressing this vulnerability in Chrome version 119.0.6045.199. The fix was announced via the Chrome Desktop Update Announcement. Additional security advisories have been published by downstream vendors:
- Debian Security Advisory DSA-5569
- Gentoo GLSA 202401-34
- Fedora package announcements for Fedora 37, 38, and 39
The vulnerability is tracked as Chrome Bug Report #1505053 and is listed in the CISA Known Exploited Vulnerabilities Catalog.
Workarounds
- Enable automatic browser updates to ensure timely patching of future vulnerabilities
- Consider using browser isolation technologies to contain potential sandbox escapes
- Implement strict content security policies and restrict access to untrusted file sources
- Deploy endpoint protection solutions capable of detecting sandbox escape attempts
# Verify Chrome version on Linux systems
google-chrome --version
# Expected output: Google Chrome 119.0.6045.199 or later
# Launch Chrome with the update-check interval set to 1 second (a testing switch) so it checks for an update right away
google-chrome --check-for-update-interval=1
# Verify Chromium package version on Debian
apt-cache policy chromium
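The version check above, extended to a fleet inventory, as an added example that is not part of the original advisory: it parses raw `--version` output per host and compares each component numerically against 119.0.6045.199. The host names, the `host|output` inventory format and the sample lines are constructed; the threshold applies to Chrome/Chromium version numbering, and Edge builds need the fixed version from Microsoft's advisory instead.

```shell
# Added example (not from the advisory): classify hosts by Chrome/Chromium version.
FIXED="119.0.6045.199"   # first fixed Chrome version, as stated in the advisory

# Print the first four-part version found in raw `--version` output; fail if none.
extract_version() {
    v=$(printf '%s\n' "$1" | tr -c '0-9.' '\n' |
        grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Succeed when version $1 is strictly older than $2. Components are compared
# as numbers, so 119.0.6045.99 sorts before 119.0.6045.199.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# Read "host|raw version output" lines on stdin; print "host STATUS version".
audit_inventory() {
    while IFS='|' read -r host raw; do
        [ -n "$host" ] || continue
        if ! ver=$(extract_version "$raw"); then
            printf '%s UNKNOWN -\n' "$host"      # no parsable version: investigate
        elif version_lt "$ver" "$FIXED"; then
            printf '%s VULNERABLE %s\n' "$host" "$ver"
        else
            printf '%s PATCHED %s\n' "$host" "$ver"
        fi
    done
}

# Constructed sample inventory (hypothetical hosts and collected output).
sample_inventory() {
    cat <<'EOF'
ws-001|Google Chrome 119.0.6045.199
ws-002|Google Chrome 119.0.6045.99
kiosk-7|Google Chrome 118.0.5993.117
build-2|Chromium 120.0.6099.71 built on Debian 12.2, running on Debian 12.2
vm-9|google-chrome: command not found
EOF
}
sample_inventory | audit_inventory
```

Hosts reported as UNKNOWN returned no parsable version and should be checked by hand rather than assumed patched.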


