CVE-2023-6704: 
vulnerability analysis and mitigation

CVE-2023-6704 is a high-severity use-after-free vulnerability discovered in libavif component of Google Chrome prior to version 120.0.6099.109. The vulnerability was disclosed on December 14, 2023, and was reported by researchers from Fudan University (Chrome Release).

The vulnerability is classified as a use-after-free flaw in the libavif library of Chrome, which could allow an attacker to potentially exploit heap corruption through a specially crafted image file. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high impacts on confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow a remote attacker to potentially execute arbitrary code through heap corruption when processing specially crafted image files. The high CVSS score indicates severe potential impacts on system security, including unauthorized access, data manipulation, and system compromise (NVD).

Google has released a patch in Chrome version 120.0.6099.109 to address this vulnerability. Users and administrators are strongly advised to upgrade to this version or later. The fix has also been incorporated into various Linux distributions including Fedora and Gentoo (Fedora Update, Gentoo Advisory).