CVE-2023-2136
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
12 articles
EPSS Score
Source: FIRST.org · 2026-05-24
0.44%
probability
This CVE has a 0.44% probability
of being exploited in the next 30 days.
0%
Top 63.2th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Description
Project ZeroInteger overflow in Skia
Google Project Zero
Discovered
April 12, 2023
Patched
April 18, 2023
Reported by
Clement Lecigne of the Google Threat Analysis Group
Root Cause Analysis
???
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
TheHackerNews
Google fixes first actively exploited Chrome zero-day of 2024
BleepingComputer
Jan 16, 2024
Google fixes new Chrome zero-day flaw with exploit in the wild
BleepingComputer
Jun 06, 2023
Google patches another actively exploited Chrome zero-day
BleepingComputer
Apr 19, 2023
Google fixes 8th Chrome zero-day exploited in attacks this year
BleepingComputer
Dec 20, 2023
Google Chrome emergency update fixes 7th zero-day exploited in 2023
BleepingComputer
Nov 28, 2023
Signal Intelligence
Confidence
92%
EPSS
0.44%
Mentions
12
Last Seen
Jan 16, 2024
CNA Information
Analyst Note
CVE-2023-2136 is confirmed as actively exploited in the wild with evidence of real-world attacks documented by BleepingComputer. The critical CVSS score of 9.6, inclusion in Project Zero, and sandbox escape capability via renderer process compromise provide strong technical justification for the confirmed status.
Threat Actors 6
APT 28
apt_group
Information theft and espionage
🇷🇺 RU
Infy
apt_group
Information theft and espionage
🇮🇷 IR
APT24
apt_group
Information theft and espionage
🇨🇳 CN
UNC1549
apt_group
Information theft and espionage
🇮🇷 IR
PassCV
apt_group
Information theft and espionage
🇨🇳 CN
APT 5
apt_group
Information theft and espionage
🇨🇳 CN
Triage Info
Decided atMar 03, 2026