Vulnerability CVE-2018-6039


Published: 2018-09-25

Description:
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.

Type:

CWE-20

(Improper Input Validation)

Vendor: Google
Product: Chrome 
Version:
9.0.600.0
9.0.599.0
9.0.598.0
9.0.597.99
9.0.597.98
9.0.597.97
9.0.597.96
9.0.597.94
9.0.597.92
9.0.597.90
9.0.597.9
9.0.597.88
9.0.597.86
9.0.597.85
9.0.597.84
9.0.597.83
9.0.597.82
9.0.597.81
9.0.597.80
9.0.597.8
9.0.597.79
9.0.597.78
9.0.597.77
9.0.597.76
9.0.597.75
9.0.597.74
9.0.597.73
9.0.597.72
9.0.597.71
9.0.597.70
9.0.597.7
9.0.597.69
9.0.597.68
9.0.597.67
9.0.597.66
9.0.597.65
9.0.597.64
9.0.597.63
9.0.597.62
9.0.597.60
9.0.597.59
9.0.597.58
9.0.597.57
9.0.597.56
9.0.597.55
9.0.597.54
9.0.597.5
9.0.597.47
9.0.597.46
9.0.597.45
9.0.597.44
9.0.597.42
9.0.597.41
9.0.597.40
9.0.597.4
9.0.597.39
9.0.597.38
9.0.597.37
9.0.597.36
9.0.597.35
9.0.597.34
9.0.597.33
9.0.597.32
9.0.597.31
9.0.597.30
9.0.597.29
9.0.597.28
9.0.597.27
9.0.597.26
9.0.597.25
9.0.597.24
9.0.597.23
9.0.597.22
9.0.597.21
9.0.597.20
9.0.597.2
9.0.597.19
9.0.597.18
9.0.597.17
9.0.597.16
9.0.597.15
9.0.597.14
9.0.597.12
9.0.597.11
9.0.597.107
9.0.597.106
9.0.597.102
9.0.597.101
9.0.597.100
9.0.597.10
9.0.597.1
9.0.597.0
9.0.596.0
9.0.595.0
9.0.594.0
9.0.593.0
9.0.592.0
9.0.591.0
9.0.590.0
9.0.589.0
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.securityfocus.com/bid/102797
http://www.securitytracker.com/id/1040282
https://access.redhat.com/errata/RHSA-2018:0265
https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html
https://crbug.com/775527
https://www.debian.org/security/2018/dsa-4103

Related CVE
CVE-2019-2119
In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is ...
CVE-2019-2118
In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Pr...
CVE-2019-2117
In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. ...
CVE-2019-2116
In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2019-2113
In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: An...
CVE-2019-2112
In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. ...
CVE-2019-2111
In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitati...
CVE-2019-2109
In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for ...

Copyright 2019, cxsecurity.com

 

Back to Top