CVE-2023-2136
published 2023-04-19CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a…
PriorityP186critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-05-12
Exploited in the wild
EPSS
5.79%
92.2th percentile
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 112.0.5615.138-1~deb11u1 | 112.0.5615.138-1~deb11u1 |
| chromium | chromium | >= 0 < 112.0.5615.138-1 | 112.0.5615.138-1 |
| chromium | chromium | >= 0 < 112.0.5615.138-1 | 112.0.5615.138-1 |
| chromium | chromium | >= 0 < 112.0.5615.138-1 | 112.0.5615.138-1 |
| debian | chromium | < chromium 112.0.5615.138-1 (bookworm) | chromium 112.0.5615.138-1 (bookworm) |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| android | — | — | |
| chrome | < 112.0.5615.137 | 112.0.5615.137 | |
| chrome | >= 112.0.5615.137 < 112.0.5615.137 | 112.0.5615.137 | |
| chrome_chrome | — | — | |
| msrc | microsoft_edge | — | — |
| platform | external_skia | >= 13-next:0 < 13-next:2023-07-01 | 13-next:2023-07-01 |
| platform | external_skia | >= 13:0 < 13:2023-07-01 | 13:2023-07-01 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is actively exploited in the wild (confirmed by Google and CISA KEV); prioritize detection of unpatched Chrome/Edge instances below version 112.0.5615.137 ↗
- →Attack vector is a crafted HTML page delivered to a victim running a vulnerable Chromium-based browser; monitor for renderer process anomalies or unexpected child process spawning from browser processes (potential sandbox escape indicator) ↗
- →Scope of affected products is broad: Google Chrome, ChromeOS, Android 13, Flutter, and Microsoft Edge (Chromium-based); ensure detection/patching coverage spans all these platforms ↗
- →On Android, track AOSP reference A-278113033 for patch verification on Android 13 devices; exploitation type is classified as RCE ↗
- ·Fixed version threshold for Google Chrome (desktop) is 112.0.5615.137; any version prior to this is vulnerable ↗
- ·Fixed Debian package version is 112.0.5615.138-1 across bookworm, bullseye, forky, sid, and trixie releases ↗
- ·CISA KEV remediation deadline was 2023-05-12; any asset not yet patched is significantly overdue ↗
CVSS provenance
nvdv3.19.6CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
osv9.6CRITICAL
vulncheck9.6CRITICAL
cisa9.6CRITICAL
vendor_debian9.6CRITICAL
vendor_msrc9.6CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2023-2136: In multiple functions of SkSLFunctionDefinition
osv·2023-07-01
CVE-2023-2136 CVE-2023-2136: In multiple functions of SkSLFunctionDefinition
In multiple functions of SkSLFunctionDefinition.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.
GHSA
GHSA-63j8-q3xx-g3c2: Integer overflow in Skia in Google Chrome prior to 112
ghsa_unreviewed·2023-04-19
CVE-2023-2136 [CRITICAL] CWE-190 GHSA-63j8-q3xx-g3c2: Integer overflow in Skia in Google Chrome prior to 112
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
OSV
CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112
osv·2023-04-19·CVSS 9.6
CVE-2023-2136 [CRITICAL] CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
VulnCheck
Google Chrome Skia Integer Overflow Vulnerability
vulncheck·2023·CVSS 9.6
CVE-2023-2136 [CRITICAL] CWE-190 Google Chrome Skia Integer Overflow Vulnerability
Google Chrome Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Affected: Google Chromium Skia
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://securelist.com/it-threat-evolution-q2-2023-non-mobile-statistics/110413/; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff3
Project0
Project Zero RCA: CVE-2023-6345: Integer overflow in Skia MeshOp::onCombineIfPossible
project_zero·CVSS 9.6
CVE-2023-6345 [CRITICAL] Project Zero RCA: CVE-2023-6345: Integer overflow in Skia MeshOp::onCombineIfPossible
# CVE-2023-6345: Integer overflow in Skia MeshOp::onCombineIfPossible
*Benoît Sevens and Clement Lecigne*
## The Basics
**Disclosure or Patch Date:** November 28, 2023
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html
**Affected Versions:** Versions older than 119.0.6045.199
**First Patched Version:** 119.0.6045.199
**Issue/Bug Report:** https://crbug.com/1505053
**Patch CL:** https://skia.googlesource.com/skia/+/6169a1fabae1743709bc9641ad43fcbb6a4f62e1
**Bug-Introducing CL:** https://skia.googlesource.com/skia/+/8a85ab0d96a1128c64fa21133518e835506b3895
**Reporter(s):** Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group
## The Code
**Proof-of-concept:**
Compile Skia with [ASAN](http
Android
CVE-2023-2136: Android Security Bulletin 2023-07-01
CVE: CVE-2023-2136
Severity: HIGH
Type: RCE
Affected AOSP versions: 13
References: A-278113033
vendor_android·2023-07-01·CVSS 9.6
CVE-2023-2136 [CRITICAL] CVE-2023-2136: Android Security Bulletin 2023-07-01
CVE: CVE-2023-2136
Severity: HIGH
Type: RCE
Affected AOSP versions: 13
References: A-278113033
Android Security Bulletin 2023-07-01
CVE: CVE-2023-2136
Severity: HIGH
Type: RCE
Affected AOSP versions: 13
References: A-278113033
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2023-2136
vendor_chrome·2023-04-27·CVSS 9.6
CVE-2023-2136 [CRITICAL] Long Term Support Channel Update for ChromeOS: CVE-2023-2136
Long Term Support Channel Update for ChromeOS
CVE-2023-2136
CISA
Google Chrome Skia Integer Overflow Vulnerability
cisa·2023-04-21·CVSS 9.6
CVE-2023-2136 [CRITICAL] CWE-190 Google Chrome Skia Integer Overflow Vulnerability
Vulnerability: Google Chrome Skia Integer Overflow Vulnerability
Affected: Google Chromium Skia
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Required Action: Apply updates per vendor instructions.
Notes: https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html; https://nvd.nist.gov/vuln/detail/CVE-2023-2136
Remediation Due Date: 2023-05-12
Microsoft
Chromium: CVE-2023-2136 Integer overflow in Skia
vendor_msrc·2023-04-11·CVSS 9.6
CVE-2023-2136 [CRITICAL] Chromium: CVE-2023-2136 Integer overflow in Skia
Chromium: CVE-2023-2136 Integer overflow in Skia
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Google is aware that an exploit for CVE-2023-2136 exists in the wild.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the windo
Debian
CVE-2023-2136: chromium - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remo...
vendor_debian·2023·CVSS 9.6
CVE-2023-2136 [CRITICAL] CVE-2023-2136: chromium - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remo...
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.138-1)
bullseye: resolved (fixed in 112.0.5615.138-1~deb11u1)
forky: resolved (fixed in 112.0.5615.138-1)
sid: resolved (fixed in 112.0.5615.138-1)
trixie: resolved (fixed in 112.0.5615.138-1)
No detection rules found.
No public exploits indexed.
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review
blogs_mandiant·2026-03-05
Look What You Made Us Patch: 2025 Zero-Days in Review
Threat Intelligence
# Look What You Made Us Patch: 2025 Zero-Days in Review
March 5, 2026
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan
### Executive Summary
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels.
In 2025, we continued to observe the structural shift, first
Mandiant
Look What You Made Us Patch: 2025 Zero-Days in Review
blogs_mandiant·2026-03-05
Look What You Made Us Patch: 2025 Zero-Days in Review
## Look What You Made Us Patch: 2025 Zero-Days in Review
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
Written by: Casey Charrier, James Sadowski, Zander Work, Clement Lecigne, Benoît Sevens, Fred Plan
## Executive Summary
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities exploited in-the-wild in 2025. Although that volume of zero-days is lower than the record high observed in 2023 (100), it is higher than 2024’s count (78) and remained within the 60–100 range established over the previous four years, indicating a trend toward stabilization at these levels.
In 2025, we continued to observe the structural shift, first identified in 2024, toward increased enterprise exploitation. Both
Mandiant
Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Intellexa’s Prolific Zero-Day Exploits Continue
Threat Intelligence
# Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
December 3, 2025
##### Google Threat Intelligence Group
##### Google Threat Intelligence
Visibility and context on the threats that matter most.
Contact Us & Get a Demo
### Introduction
Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government. New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving.
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside
Mandiant
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
blogs_mandiant·2025-12-03
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
## Google Threat Intelligence Group
## Google Threat Intelligence
Visibility and context on the threats that matter most.
## Introduction
Despite extensive scrutiny and public reporting , commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, Intellexa. Known for its “Predator” spyware, the company was sanctioned by the US Government . New Google Threat Intelligence Group (GTIG) analysis shows that Intellexa is evading restrictions and thriving .
Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders. Alongside research published by our colleagues from Recorded Future and Amne
Bleepingcomputer
Google fixes first actively exploited Chrome zero-day of 2024
blogs_bleepingcomputer·2024-01-16·CVSS 8.8
CVE-2024-0519 [HIGH] Google fixes first actively exploited Chrome zero-day of 2024
## Google fixes first actively exploited Chrome zero-day of 2024
## Sergiu Gatlan
Although Google says the security update could take days or weeks to reach all impacted users, it was available immediately when BleepingComputer checked for updates today.
Those who prefer not to update their web browser manually can rely on Chrome to automatically check for new updates and install them after the next launch.
The high-severity zero-day vulnerability ( CVE-2024-0519 ) is due to a high-severity out-of-bounds memory access weakness in the Chrome V8 JavaScript engine, which remote attackers can exploit via a crafted HTML page to gain access to data beyond the memory buffer through heap corruption, providing them access to sensitive information or triggering a crash.
"The expected sentinel
Bleepingcomputer
Google fixes 8th Chrome zero-day exploited in attacks this year
blogs_bleepingcomputer·2023-12-20·CVSS 8.8
[HIGH] Google fixes 8th Chrome zero-day exploited in attacks this year
## Google fixes 8th Chrome zero-day exploited in attacks this year
## Sergiu Gatlan
The bug was discovered and reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG), a collective of security experts whose primary goal is to defend Google customers from state-sponsored attacks.
Google's Threat Analysis Group (TAG) frequently discovers zero-day bugs exploited by government-sponsored threat actors in targeted attacks aiming to deploy spyware on the devices of high-risk individuals, including opposition politicians, dissidents, and journalists.
Even though the security update could take days or weeks to reach all users, according to Google, it was available immediately when BleepingComputer checked for updates earlier today.
Individuals who prefer not t
Bleepingcomputer
Google Chrome emergency update fixes 7th zero-day exploited in 2023
blogs_bleepingcomputer·2023-11-28·CVSS 9.6
[CRITICAL] Google Chrome emergency update fixes 7th zero-day exploited in 2023
## Google Chrome emergency update fixes 7th zero-day exploited in 2023
## Sergiu Gatlan
The vulnerability has been addressed in the Stable Desktop channel, with patched versions rolling out globally to Windows users (119.0.6045.199/.200) and Mac and Linux users (119.0.6045.199).
Although the advisory notes that the security update may take days or weeks to reach the entire user base, it was available immediately when BleepingComputer checked for updates earlier today.
Users who don't want to update manually can rely on the web browser to check for new updates automatically and install them after the next launch.
## Likely exploited in spyware attacks
This high-severity zero-day vulnerability stems from an integer overflow weakness within the Skia open-source 2D graphics library, pos
Sentinelone
Beyond the WebP Flaw | An In-depth Look at 2023's Browser Security Challenges
blogs_sentinelone·2023-10-03
Beyond the WebP Flaw | An In-depth Look at 2023's Browser Security Challenges
This week, Firefox users were urged to apply Mozilla’s latest updates against a critical flaw that could allow attackers to take control of affected systems. It follows hard on the heels of similar updates for Microsoft Edge, Google Chrome, and Apple’s Safari browser. All have been heavily impacted by an actively exploited vulnerability in the WebP code library.
Although the WebP vulnerability affects other software as well, browsers are by far and away the most ubiquitous and widely used applications on end user devices . Having a foothold in a compromised browser gives threat actors access to sensitive information and potential avenues into targeted environments.
In this post, we take a deep dive into browser security , exploring the differences between vulnerabilities and exploits, ze
Sentinelone
Beyond the WebP Flaw | An In-depth Look at 2023's Browser Security Challenges
blogs_sentinelone·2023-10-03
Beyond the WebP Flaw | An In-depth Look at 2023's Browser Security Challenges
This week, Firefox users were urged to apply Mozilla’s latest updates against a critical flaw that could allow attackers to take control of affected systems. It follows hard on the heels of similar updates for Microsoft Edge, Google Chrome, and Apple’s Safari browser. All have been heavily impacted by an actively exploited vulnerability in the WebP code library.
Although the WebP vulnerability affects other software as well, browsers are by far and away the most ubiquitous and widely used applications on end user devices. Having a foothold in a compromised browser gives threat actors access to sensitive information and potential avenues into targeted environments.
In this post, we take a deep dive into browser security, exploring the differences between vulnerabilities and exploits, zero
Securelist
IT threat evolution in Q2 2023. Non-mobile statistics
blogs_securelist·2023-08-30
IT threat evolution in Q2 2023. Non-mobile statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Geography of financial malware attacks
Ransomware programs
Quarterly trends and highlights
MOVEit Transfer vulnerabilities exploited
Attacks on municipal organizations, educational and healthcare establishments
Most prolific groups
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarterly highlights
Vulnerability statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat statistics
Attacks on IoT
Securelist
PC malware statistics, Q2 2022
blogs_securelist·2023-08-30
PC malware statistics, Q2 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Most prolific groups
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks on IoT honeypots
- Attacks via web resources
- Local threats
Authors
- AMR
- IT threat evolution in Q2 2023
- IT threat evolution in Q2 2023. Non-mobile statistics
- IT threat evolution in Q2 2023. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2023:
- Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe.
- A total of 209,716,810 unique links were d
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.htmlhttps://crbug.com/1432603https://lists.fedoraproject.org/archives/list/[email protected]/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/https://lists.fedoraproject.org/archives/list/[email protected]/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/https://lists.fedoraproject.org/archives/list/[email protected]/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/https://lists.fedoraproject.org/archives/list/[email protected]/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/https://lists.fedoraproject.org/archives/list/[email protected]/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/https://lists.fedoraproject.org/archives/list/[email protected]/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/https://security.gentoo.org/glsa/202309-17https://www.debian.org/security/2023/dsa-5393https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.htmlhttps://crbug.com/1432603https://lists.fedoraproject.org/archives/list/[email protected]/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/https://lists.fedoraproject.org/archives/list/[email protected]/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/https://lists.fedoraproject.org/archives/list/[email protected]/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/https://lists.fedoraproject.org/archives/list/[email protected]/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/https://lists.fedoraproject.org/archives/list/[email protected]/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/https://lists.fedoraproject.org/archives/list/[email protected]/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/https://security.gentoo.org/glsa/202309-17https://www.debian.org/security/2023/dsa-5393https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2136
2023-04-19
Published
2023-04-21
Added to CISA KEV
Exploited in the wild