CVE-2023-6345: 
vulnerability analysis and mitigation

CVE-2023-6345 is a high-severity integer overflow vulnerability discovered in Skia, a 2D graphics library used in Google Chrome. The vulnerability was reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group and affects Google Chrome versions prior to 119.0.6045.199. The issue was disclosed on November 28, 2023, and has been confirmed to be actively exploited in the wild (Chrome Release).

The vulnerability is characterized as an integer overflow in Skia that could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a malicious file. The severity of this vulnerability is rated as CRITICAL with a CVSS v3.1 base score of 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound) (NVD).

The exploitation of this vulnerability could lead to sandbox escape, potentially allowing attackers to execute arbitrary code outside the browser's security sandbox. This is particularly severe as it has been confirmed to be actively exploited in the wild, making it a zero-day vulnerability at the time of discovery (Help Net Security).

Google has released version 119.0.6045.199 of Chrome to address this vulnerability. Users and administrators are strongly advised to update to this version or later. The fix has also been implemented in other Chromium-based browsers, including Microsoft Edge version 119.0.2151.97 and various Linux distributions including Debian, Fedora, and Gentoo (Debian Security, Gentoo Security).