CVE-2018-17463
In short
A flaw in Chrome's V8 JavaScript engine incorrectly marked certain operations as safe, allowing attackers to run malicious code within the browser's sandbox through a specially crafted webpage.
Technical detail
CVE-2018-17463 is an incorrect side effect annotation in V8: certain operations were marked as safe when they were not. A remote attacker can use a crafted HTML page to exploit this annotation error and execute arbitrary code inside the sandbox.
Summary generated and translated by AI from the official description.
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 4
github: github.com/jhalon/CVE-2018-17463 (★ 11)
github: github.com/kdmarti2/CVE-2018-17463 (★ 1)
cve_reference: packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html (unverified)
exploitdb: www.exploit-db.com/exploits/48184 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
https://access.redhat.com/errata/RHSA-2018:3004
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
https://crbug.com/888923
https://security.gentoo.org/glsa/201811-10
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17463
https://www.debian.org/security/2018/dsa-4330
http://www.securityfocus.com/bid/105666