PT-2018-3234 · Google+5 · Skia+6

Ivan Fratric

Published

2018-05-29

Updated

2024-12-12

CVE-2018-6126

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 67.0.3396.62

Description A precision error in the Skia library allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. This issue is related to a buffer overflow, which can be exploited by a remote attacker to write arbitrary files to the device's file system.

Recommendations For Google Chrome versions prior to 67.0.3396.62, update to version 67.0.3396.62 or later to resolve the issue.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2018-1900

ALT-PU-2018-1909

ALT-PU-2018-1959

BDU:2019-04395

CESA-2018_2112

CESA-2018_2113

CVE-2018-6126

DSA-4220-1

DSA-4237-1

MGASA-2018-0268

MGASA-2018-0282

MGASA-2018-0338

OPENSUSE-SU-2018_1484-1

OPENSUSE-SU-2018_1616-1

OPENSUSE-SU-2018_2055-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

OPENSUSE-SU-2024:14572-1

RHSA-2018:1815

RHSA-2018:2112

RHSA-2018:2113

RHSA-2018_1815

RHSA-2018_2112

RHSA-2018_2113

SUSE-SU-2018:1783-1

SUSE-SU-2018:1783-2

SUSE-SU-2018:1820-1

SUSE-SU-2018:2298-1

SUSE-SU-2018_1783-1

SUSE-SU-2018_1783-2

SUSE-SU-2018_1820-1

USN-3682-1

Affected Products

Alt Linux

Centos

Google Chrome

Red Hat

Skia

Suse

Ubuntu

PT-2018-3234 · Google+5 · Skia+6

CVE-2018-6126

Weakness Enumeration

Related Identifiers

Affected Products

References · 4223