CVE-2023-6345 — Google Chromium Skia

Google Skia Integer Overflow Vulnerability

Added to KEV

2023-11-30

Federal due date

2023-12-21

Vendor

Google

Product

Chromium Skia

EPSS

83.7th percentile (score 0.019, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2023-6345

CISA short description

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.