Vulnerability CVE-2018-17478


Published: 2019-06-27

Description:
Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.

Type:

CWE-129

(Improper Validation of Array Index)

Vendor: Google
Product: Chrome 
Version:
9.0.600.0
9.0.599.0
9.0.598.0
9.0.597.99
9.0.597.98
9.0.597.97
9.0.597.96
9.0.597.94
9.0.597.92
9.0.597.90
9.0.597.9
9.0.597.88
9.0.597.86
9.0.597.85
9.0.597.84
9.0.597.83
9.0.597.82
9.0.597.81
9.0.597.80
9.0.597.8
9.0.597.79
9.0.597.78
9.0.597.77
9.0.597.76
9.0.597.75
9.0.597.74
9.0.597.73
9.0.597.72
9.0.597.71
9.0.597.70
9.0.597.7
9.0.597.69
9.0.597.68
9.0.597.67
9.0.597.66
9.0.597.65
9.0.597.64
9.0.597.63
9.0.597.62
9.0.597.60
9.0.597.59
9.0.597.58
9.0.597.57
9.0.597.56
9.0.597.55
9.0.597.54
9.0.597.5
9.0.597.47
9.0.597.46
9.0.597.45
9.0.597.44
9.0.597.42
9.0.597.41
9.0.597.40
9.0.597.4
9.0.597.39
9.0.597.38
9.0.597.37
9.0.597.36
9.0.597.35
9.0.597.34
9.0.597.33
9.0.597.32
9.0.597.31
9.0.597.30
9.0.597.29
9.0.597.28
9.0.597.27
9.0.597.26
9.0.597.25
9.0.597.24
9.0.597.23
9.0.597.22
9.0.597.21
9.0.597.20
9.0.597.2
9.0.597.19
9.0.597.18
9.0.597.17
9.0.597.16
9.0.597.15
9.0.597.14
9.0.597.12
9.0.597.11
9.0.597.107
9.0.597.106
9.0.597.102
9.0.597.101
9.0.597.100
9.0.597.10
9.0.597.1
9.0.597.0
9.0.596.0
9.0.595.0
9.0.594.0
9.0.593.0
9.0.592.0
9.0.591.0
9.0.590.0
9.0.589.0
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop.html
https://crbug.com/897512

Related CVE
CVE-2019-9461
In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for explo...
CVE-2019-9458
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9457
In the Android kernel in ELF file loading there is possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-9456
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
CVE-2019-9455
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9454
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9453
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitati...
CVE-2019-9452
In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitatio...

Copyright 2019, cxsecurity.com

 

Back to Top