CVE-2018-17463
Google Chromium V8 Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
6Exploited in Wild
YesDecision
Descriptions
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Anotación de efecto secundario en V8 en Google Chrome en versiones anteriores a la 70.0.3538.64 permitía que un atacante remoto ejecutase código arbitrario dentro de un sandbox mediante una página HTML manipulada.
Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 70.0.3538.67. Issues addressed include buffer overflow and code execution vulnerabilities.
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2018-09-25 CVE Reserved
- 2018-10-25 CVE Published
- 2020-03-05 First Exploit
- 2022-06-08 Exploited in Wild
- 2022-06-22 KEV Due Date
- 2025-01-29 CVE Updated
- 2025-07-04 EPSS Updated
CWE
CAPEC
References (17)
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/156640 | 2020-03-05 | |
| https://www.exploit-db.com/exploits/48184 | 2020-03-09 | |
| https://github.com/jhalon/CVE-2018-17463 | 2022-12-28 | |
| https://github.com/kdmarti2/CVE-2018-17463 | 2021-05-02 | |
| http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html | 2025-01-29 | |
| https://crbug.com/888923 | 2025-01-29 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:3004 | 2024-06-28 | |
| https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html | 2024-06-28 | |
| https://security.gentoo.org/glsa/201811-10 | 2024-06-28 | |
| https://www.debian.org/security/2018/dsa-4330 | 2024-06-28 | |
| https://access.redhat.com/security/cve/CVE-2018-17463 | 2018-10-24 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1640099 | 2018-10-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 70.0.3538.67 Search vendor "Google" for product "Chrome" and version " < 70.0.3538.67" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||