CVE-2018-6064
Advisory lineage Upstream: 0 Downstream: 7
Modified
Published: 14 Nov 2018, 15:00
Last modified:05 Aug 2024, 05:54
Vulnerability Summary
Overall Risk (default)
medium
49/100 CVSS Score
8.8 HIGH
v3.0 (nvd)
EPSS Score
21.04% HIGH
21% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
14 Nov 2018, 15:00
Published
Vulnerability first disclosed
05 Aug 2024, 05:54
Last Modified
Vulnerability information updated
Description
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS Metrics
- v3.0•HIGH•Score: 8.8CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 21.04%• Percentile: 96%
Techniques & Countermeasures
- CWE-704•Incorrect Type Conversion or Cast
The product does not correctly convert an object, resource, or structure from one type to a different type.
Affected Systems
- debian•debian_linux
9.0
- Unknown•Chrome
< 65.0.3325.146 | ≥ unspecified, < 65.0.3325.146
- redhat•enterprise_linux_desktop
6.0
- redhat•enterprise_linux_server
6.0
- redhat•enterprise_linux_workstation
6.0
References (7)
- https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
- https://www.exploit-db.com/exploits/44394/
- http://www.securityfocus.com/bid/103297
- https://access.redhat.com/errata/RHSA-2018:0484
- https://www.debian.org/security/2018/dsa-4182
- https://crbug.com/798644
- https://www.zerodayinitiative.com/advisories/ZDI-19-368/