Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-2136
CVE-2023-2136:
vulnerability analysis and mitigation
Overview
CVE-2023-2136 is an integer overflow vulnerability discovered in the Skia graphics library of Google Chrome prior to version 112.0.5615.137. The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group on April 12, 2023, and was publicly disclosed on April 18, 2023 (Chrome Release).
Technical details
The vulnerability is classified as a high-severity integer overflow issue in Skia, an open-source 2D graphics library used by Google Chrome. The flaw could allow a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page (NVD, Hacker News).
Impact
The vulnerability could enable an attacker who has compromised the renderer process to escape the browser's sandbox protection mechanism, potentially leading to arbitrary code execution outside the browser's confined environment (Chrome Release, Hacker News).
Mitigation and workarounds
Google has released patches to address this vulnerability in Chrome version 112.0.5615.137 for Windows and Mac, and version 112.0.5615.165 for Linux. Users are strongly advised to update their browsers to these versions or later to mitigate the risk (Chrome Release).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management