PT-2018-3222 · Google+4 · Google Chrome+4

Yannic Bonenberger · Published 2018-04-26 · Updated 2024-06-15 · CVE-2018-5179

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 60
Google Chrome (affected versions not specified)

Description

The issue allows a service worker to keep itself running perpetually by periodically sending the activate event to itself. This lets the service worker monitor user activity. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.

Recommendations

For Firefox versions prior to 60, update to version 60 or later to resolve the issue. For Google Chrome, there is currently no information about a newer version that contains a fix for this vulnerability.

Missing Release of Resource after Effective Lifetime

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1787
ALT-PU-2018-1854
ALT-PU-2018-2599
BDU:2019-04383
CVE-2018-5179
DSA-4330-1
OPENSUSE-SU-2018:3835-1
OPENSUSE-SU-2018_3273-1
OPENSUSE-SU-2018_3396-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2018:3004
RHSA-2018_3004
SUSE-SU-2019:2872-1

Affected Products

Alt Linux
Firefox
Google Chrome
Red Hat
Suse