CVE-2018-17480

CVE-2018-17480

Name

CVE-2018-17480

Description

Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Permissions Required	https://crbug.com/905940
Release Notes	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
Third Party Advisory	https://www.debian.org/security/2018/dsa-4352
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:3803
Third Party Advisory	http://www.securityfocus.com/bid/106084
GENTOO	https://security.gentoo.org/glsa/201908-18
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-17480

Type

URI

Permissions Required

https://crbug.com/905940

Release Notes

https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

Third Party Advisory

https://www.debian.org/security/2018/dsa-4352

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3803

Third Party Advisory

http://www.securityfocus.com/bid/106084