CVE-2018-17480
In short
A vulnerability in Google Chrome's V8 JavaScript engine lets a specially crafted web page run attacker-supplied JavaScript while an array is being deserialized, which leads to an out-of-bounds write and arbitrary code execution inside Chrome's sandbox.
Technical detail
CWE-787 out-of-bounds write vulnerability in V8 array deserialization allows remote code execution within the sandbox environment. Attack vector is a crafted HTML page delivered to a user; successful exploitation enables arbitrary code execution, requiring user interaction (visiting a malicious page) as the primary precondition. Chrome versions before 71.0.3578.80 are affected.
Summary generated and translated by AI from the official description.
Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
References
https://access.redhat.com/errata/RHSA-2018:3803
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
https://crbug.com/905940
https://security.gentoo.org/glsa/201908-18
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480
https://www.debian.org/security/2018/dsa-4352
http://www.securityfocus.com/bid/106084