**CRITICAL RISK** CVE-2023-6345 Google Chrome < v119.0.6045.199 – Sandbox Escape via Integer Overflow Vulnerability in Skia Graphics Engine

Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, and also for Android, where it is the default browser.

Background & Context

Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, and also for Android, where it is the default browser.

The Skia Graphics Engine or Skia is an open-source 2D graphics library written in C++. Skia abstracts away platform-specific graphics API (which differ from one to another). Skia Inc. originally developed the library; Google acquired it in 2005 and it is now used in the Google Chrome browser.

 

Vulnerability Summary

Skia Graphics Engine as used in Google Chrome prior to 119.0.6045.199 contains an integer overflow vulnerability. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number.

While this may be intended behaviour in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This can introduce other weaknesses when the calculation is used for resource management or execution control. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviours such as memory allocation, copying, or concatenation.

 

Impact If Exploited

Exploit allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.

NOTE: An exploit for CVE-2023-6345 exists in the wild, This vulnerability has been reported by the CISA (America’s Cyber Defense Agency) to be known to be currently actively exploited in the wild as of 2023-11-30. Prioritisation should be given to remediation in any impacted environment

 

Affected Product Versions

  • Google Chrome prior to 119.0.6045.199
  • Microsoft Edge Stable Channel prior to version 119.0.2151.97
  • Potentially other Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi.
  • Potentially ChromeOS, Android and Flutter

 

Remediation

Official Fix & Remediation Guidance

Customers are advised to upgrade to the latest version of Google Chrome.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.

 

Temporary Mitigation & Workarounds:

(The vendor has not advised of any alternative temporary mitigation or workarounds)

NOTE: Caution should always be taken in applying any temporary mitigations listed. Mitigations are only recommended in cases where patches to remediate the vulnerability are not available, or cannot safely be applied to a given environment immediately. A given mitigation may not in all cases be recommended officially by the application vendor. The viability of any given temporary mitigation measure may vary, depending on server platform and existing configuration. Mitigations listed may incompletely remediate any given vulnerability. Configuration changes to implement listed mitigations may impact/disrupt required functionality within a given customer application. Care should therefore be taken to carefully analyse any listed mitigations for appropriateness to a given environment. Customers are advised to test any configuration changes prior to their being introduced into a production environment.

 

References:

 

Category: Sandbox Escape

 

Detection

AppCheck has added a plugin to detect the flaw that will run as part of your standard scans.

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

About Appcheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)

No software to download or install.
Contact us or call us 0113 887 8380

Start your free trial

Your details
IP Addresses
URLs

Get in touch