PT-2018-2063 · Google+5 · Skia+6
Tran Tien Hung
·
Publicado
2018-09-13
·
Atualizado
2024-12-12
·
CVE-2018-18356
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 71.0.3578.80
Description
The issue is caused by an integer overflow in path handling, leading to a use after free in the Skia library. This could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, impacting the confidentiality, integrity, and availability of protected information.
Recommendations
For versions prior to 71.0.3578.80, update to version 71.0.3578.80 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages until the update is applied.
Exploit
Correção
Use After Free
Memory Corruption
Integer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Google Chrome
Red Hat
Skia
Suse
Ubuntu