Product and Affected Versions
- Product: Google Chrome
- Affected Versions: Versions prior to 119.0.6045.199/.200 for Windows and prior to 119.0.6045.199 for macOS and Linux
Severity and CVE ID
- Severity: High
- CVE ID: CVE-2023-6345 (integer overflow in Skia), CVE-2023-2033, CVE-2023-2136, CVE-2023-3079, CVE-2023-4863, CVE-2023-5217 (multiple vulnerabilities)
Vulnerability
- CVE-2023-6345: An integer overflow bug in Skia, an open-source 2D graphics library, allowing potential exploitation by attackers.
- CVE-2023-2033, CVE-2023-2136, CVE-2023-3079, CVE-2023-4863, CVE-2023-5217: Type confusion, integer overflow, and heap buffer overflow vulnerabilities in various components of the browser (V8, Skia, WebP, libvpx).
How Attack Works
Attackers may craft malicious web pages or content to exploit these vulnerabilities and gain unauthorized access to the system.
Remediations
- Users are strongly recommended to update their Chrome browser to version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux.
- Users of Chromium-based browsers like Microsoft Edge, Brave, Opera, and Vivaldi should also apply relevant security updates as soon as they are available.
Reference
Users can refer to official Google Chrome release notes or security advisories for detailed information and update instructions.