CVE-2023-6345

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 6 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

1.93%

probability

This CVE has a 1.93% probability of being exploited in the next 30 days.

0% Top 83.6th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Integer Overflow in Skia

Attack Intelligence

CWE-190 · Integer Overflow CWE-682 · Incorrect Calculation

Google Project Zero

Discovered

Nov. 24, 2023

Patched

Nov. 28, 2023

Reported by

Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group

Root Cause Analysis

???

Google fixes first actively exploited Chrome zero-day of 2024

BleepingComputer Jan 16, 2024

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability

TheHackerNews

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

TheHackerNews

Google fixes 8th Chrome zero-day exploited in attacks this year

BleepingComputer Dec 20, 2023

Google Chrome emergency update fixes 7th zero-day exploited in 2023

BleepingComputer Nov 28, 2023

Security Advisory 2023-093

CERT-EU Nov 29, 2023

Signal Intelligence

Confidenceⓘ

92%

EPSS 1.93%

Mentions 6

Last Seen Jan 16, 2024

CNA Information

Analyst Note

CVE-2023-6345 is confirmed as actively exploited in the wild, with multiple credible sources (BleepingComputer, CERT-EU) documenting real-world attacks. The critical CVSS score of 9.6, combined with Google Project Zero attribution and evidence of sandbox escape exploitation, strongly validates the confirmed status.

Triage Info

Decided atMar 03, 2026