1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Google Chrome Skia Integer Overflow Vulnerability

Known Exploited Vulnerabilities CVE-2023-2136 Mappings

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-2136 Google Chrome Skia Integer Overflow Vulnerability exploitation_technique T1204.001 Malicious Link
Comments
This integer overflow vulnerability is exploited by a remote attacker who has already compromised the renderer process of Google Chrome. Exploiting this vulnerability might lead to incorrect rendering, memory corruption, and arbitrary code execution that could grant the adversary unauthorized access to the system. Exploitation in the wild techniques have not been publicly released to reduce further abuse.
References
  1. https://www.bleepingcomputer.com/news/security/google-patches-another-actively-exploited-chrome-zero-day/
  2. https://thehackernews.com/2023/04/google-chrome-hit-by-second-zero-day.html