The vulnerability was discovered and reported by Benoît Sevens and Clément Lecigne from Google’s Threat Analysis Group.
The vulnerability, tracked as CVE-2023-6345, is described as an integer overflow in Skia in Google Chrome before version 1.199 that allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Skia is an open-source 2D graphics library that powers the rendering of web pages in Google Chrome. Google LLC has released an emergency security update for its Chrome browser following the discovery of a critical vulnerability that could open the door to attacks.