Voyager18 (research)

Mitigating CVE-2023-6345 in Google Chrome

The critical zero-day CVE-2023-6345 affects millions of Google Chrome users and has already been exploited.

Orani Amroussi | November 30, 2023

Google Chrome, the near-ubiquitous web browser, recently faced a critical security challenge: a high-severity zero-day vulnerability, tracked as CVE-2023-6345, was discovered and poses a significant threat to users worldwide.

Here’s what you need to know:

What is CVE-2023-6345?

CVE-2023-6345 is a severe security flaw in Google Chrome, categorized as an integer overflow bug in Skia, an open-source 2D graphics library. Discovered and reported by Google’s Threat Analysis Group on November 24, 2023, this vulnerability has raised concerns due to its potential impact on Chrome users.

Does it affect me?

If you use Google Chrome or any Chromium-based browser such as Microsoft Edge, Brave, Opera, or Vivaldi, this vulnerability could affect you. The nature of the bug allows for exploitation (instances of which have already been seen), which could compromise your browser’s security and integrity.

Has CVE-2023-6345 been actively exploited in the wild?

Yes, CVE-2023-6345 is not just a theoretical threat; it has been actively exploited in the wild. Although Google has not provided extensive details about the nature of these attacks or the threat actors involved, the acknowledgment of its exploitation increases the urgency for users to protect themselves.

Fixing CVE-2023-6345

To mitigate the threat posed by CVE-2023-6345, Google has released security updates. Users are strongly advised to upgrade their Chrome browser to version 119.0.6045.199/.200 for Windows and 119.0.6045.199 for macOS and Linux. Similarly, updates for other Chromium-based browsers should be applied as soon as they become available.
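The version check above is the one concrete mitigation step on this page. As an added example (not code from the original post or from Google), the script below parses the build number reported by `google-chrome --version` or `chrome://version` and triages a constructed endpoint inventory against the 119.0.6045.199 fix line named above; the host names and version strings are constructed sample data.

```python
import re
from typing import Dict, Optional, Tuple

# First Chrome build carrying the CVE-2023-6345 fix, taken from the advisory text.
# Windows shipped .199 and .200; macOS and Linux shipped .199. Tuple comparison
# is element by element, so .200 and any later major version count as patched.
FIXED_CHROME_VERSION = (119, 0, 6045, 199)

# Chrome build numbers are four dotted integers, e.g. 119.0.6045.199
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the four-part build number from output such as
    'Google Chrome 119.0.6045.199'. Returns None when no build number
    is present (command missing, browser not installed, garbled output)."""
    match = VERSION_RE.search(text)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(version_text: str) -> bool:
    """True only when a build number was found and it is at or past the fix."""
    version = parse_version(version_text)
    return version is not None and version >= FIXED_CHROME_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> 'patched' / 'vulnerable' / 'unknown' for a dict of
    {host: version string} collected from endpoints. Unparseable output is
    reported as 'unknown' rather than silently treated as safe."""
    status = {}
    for host, text in inventory.items():
        version = parse_version(text)
        if version is None:
            status[host] = "unknown"
        else:
            status[host] = "patched" if version >= FIXED_CHROME_VERSION else "vulnerable"
    return status


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or collected data.
    sample = {
        "win-01": "Google Chrome 119.0.6045.200",
        "mac-02": "Google Chrome 119.0.6045.199",
        "lnx-03": "Google Chrome 119.0.6045.159",
        "lnx-04": "google-chrome: command not found",
    }
    for host, result in triage(sample).items():
        print(f"{host}: {result}")
```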

Next steps

Each new vulnerability is a reminder of where we stand, and what we need to do better. Check out the following resources to help you maintain cyber hygiene and stay ahead of the threat actors:

  1. Announcing the Attack Path Graph for end-to-end risk prioritization
  2. The Q3 2023 Vulnerability Watch report
  3. MITRE ATTACK framework – Mapping techniques to CVEs
  4. Exploit maturity: an introduction
  5. IBM’s Cost of a Data Breach report 2023 – what we learned
