PT-2018-3280 · Google+2 · Google Chrome+2

Rob Wu · Published 2018-04-17 · Updated 2021-09-08 · CVE-2018-6151

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 66.0.3359.117

Description

The issue is related to a bad cast in DevTools in Google Chrome, which allowed an attacker to perform an out of bounds memory read via a crafted Chrome Extension. This could be achieved if the attacker convinced a user to install a malicious extension. The vulnerability affects Google Chrome on various operating systems, including Windows, Linux, Mac, and Chrome OS.

Recommendations

For versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue. As a temporary workaround, consider restricting the installation of extensions to trusted sources to minimize the risk of exploitation. Avoid using unverified or suspicious extensions until the issue is resolved.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2278
BDU:2019-04479
CVE-2018-6151
DSA-4256-1
MGASA-2018-0343
RHSA-2018:2282
RHSA-2018_2282

Affected Products

Alt Linux
Google Chrome
Red Hat