What is the severity of CVE-2023-2136?

CVE-2023-2136 has a CVSS v3 score of 9.6, which is classified as Critical severity.

Is there an exploit available for CVE-2023-2136?

Yes, there are known exploits available for CVE-2023-2136. Immediate patching is recommended.

Is there a patch available for CVE-2023-2136?

Yes, patches are available for CVE-2023-2136. Check the vendor advisories for update instructions.

CVE-2023-2136

Published: January 26, 2026

Last updated:1 day ago (January 26, 2026)

Exploit: YesZero-day: YesPatch: YesTrend: Neutral

TL;DR

Updated January 26, 2026

CVE-2023-2136 is a critical severity vulnerability with a CVSS score of 9.6. Exploits are available; patches have been released and should be applied urgently. This is classified as a zero-day vulnerability.

Key Points

1Critical severity (CVSS 9.6/10)
2EPSS: 1.00% - moderate likelihood of exploitation
3Public exploits are available
4Vendor patches are available
5Strobes Priority Score: 874/1000 (High)
6Affects products from: Fedoraproject, Google, Debian

Severity Scores

CVSS v39.6

CVSS v20.0

Priority Score874.0

EPSS Score1.0

Critical

Exploitation LikelihoodLow

1.00%EPSS

Lower probability of exploitation

Patch during regular maintenance

1.00%

EPSS

9.6

CVSS

Yes

Exploit

Yes

Patch

High Priority

exploit exists • critical severity

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Changed

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Cisa.gov

Patch References

Chromereleases.googleblog.com Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Fedoraproject	Fedora
Google	Chrome
Debian	Debian Linux

Advisories

CISA: Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

GitHub Advisory NVD

Cite This Page

APA Format

Strobes VI. (2026). CVE-2023-2136 - CVE Details and Analysis. Strobes VI. Retrieved January 27, 2026, from https://vi.strobes.co/cve/CVE-2023-2136

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

Fedoraproject

Fedora

Google

Chrome

Debian

Debian Linux