VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-c3gp-gegn-mfb6

Essentials
Severities (48)
References (22)
Severity details (21)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-c3gp-gegn-mfb6
Aliases	CVE-2023-2136
Summary	Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Status	Published
Exploitability	2.0
Weighted Severity	8.6
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00289	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00392	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00403	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00403	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00403	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00403	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
epss	0.00403	https://api.first.org/data/v1/epss?cve=CVE-2023-2136
cvssv3.1	9.6	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
ssvc	Attend	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
cvssv3.1	9.6	https://crbug.com/1432603
ssvc	Attend	https://crbug.com/1432603
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
ssvc	Attend	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
cvssv3.1	9.6	https://nvd.nist.gov/vuln/detail/CVE-2023-2136
cvssv3.1	9.6	https://security.gentoo.org/glsa/202309-17
ssvc	Attend	https://security.gentoo.org/glsa/202309-17
cvssv3.1	9.6	https://www.debian.org/security/2023/dsa-5393
ssvc	Attend	https://www.debian.org/security/2023/dsa-5393

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-2136
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2133
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2134
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2135
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2136
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2137
1432603		https://crbug.com/1432603
202309-17		https://security.gentoo.org/glsa/202309-17
4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
cpe:2.3:o:fedoraproject:fedora:36:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:::::::*
cpe:2.3:o:fedoraproject:fedora:37:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:::::::*
cpe:2.3:o:fedoraproject:fedora:38:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:::::::*
CVE-2023-2136		https://nvd.nist.gov/vuln/detail/CVE-2023-2136
dsa-5393		https://www.debian.org/security/2023/dsa-5393
ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
stable-channel-update-for-desktop_18.html		https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

Data source	KEV
Date added	April 21, 2023
Description	Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Required action	Apply updates per vendor instructions.
Due date	May 12, 2023
Note	https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html; https://nvd.nist.gov/vuln/detail/CVE-2023-2136
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T16:25:41Z/ Found at https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://crbug.com/1432603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T16:25:41Z/ Found at https://crbug.com/1432603

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T16:25:41Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-2136

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202309-17

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T16:25:41Z/ Found at https://security.gentoo.org/glsa/202309-17

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://www.debian.org/security/2023/dsa-5393

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T16:25:41Z/ Found at https://www.debian.org/security/2023/dsa-5393

Exploit Prediction Scoring System (EPSS)

Percentile	0.51996
EPSS Score	0.00289
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:43:46.155464+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2023/2xxx/CVE-2023-2136.json	37.0.0