CVE-2023-6351: 
vulnerability analysis and mitigation

A high-severity use-after-free vulnerability (CVE-2023-6351) was discovered in libavif component of Google Chrome prior to version 119.0.6045.199. This vulnerability allows remote attackers to potentially exploit heap corruption through a specially crafted AVIF file (NVD, Chrome Blog).

The vulnerability is classified as a use-after-free flaw in the libavif library implementation within Chrome. The issue has been assigned a high severity rating by the Chromium security team. The vulnerability could be triggered when processing specially crafted AVIF image files, potentially leading to heap corruption (Chrome Blog).

If successfully exploited, this vulnerability could allow remote attackers to execute arbitrary code through heap corruption, potentially leading to system compromise. The vulnerability affects Chrome versions prior to 119.0.6045.199 across multiple platforms including Windows, Mac, and Linux (Debian Security, Fedora Update).

Users and administrators are strongly advised to upgrade to Chrome version 119.0.6045.199 or later. The vulnerability has been patched in this version. Various Linux distributions have also released security updates to address this vulnerability, including Debian (versions 119.0.6045.199-1~deb11u1 for bullseye and 119.0.6045.199-1~deb12u1 for bookworm) and Fedora (Debian Security, Gentoo Security).