CVE-2018-6065
CVE-2018-6065
In short
Google Chrome's JavaScript engine had a flaw where it miscalculated memory size when creating objects, allowing attackers to corrupt the browser's memory through a malicious webpage.
Technical detail
Integer overflow in V8's object instantiation allocation size calculation allowed remote attackers to trigger heap corruption via crafted HTML; exploitation requires user to visit attacker-controlled page, potentially leading to code execution or memory-based attacks.
Summary generated and translated by AI from the official description.
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 3
githubgithub.com/b1tg/CVE-2018-6065-exploit★ 2cve_referencewww.exploit-db.com/exploits/44584/unverifiedexploitdbwww.exploit-db.com/exploits/44584unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2018:0484https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.htmlhttps://crbug.com/808192https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-6065https://www.debian.org/security/2018/dsa-4182https://www.exploit-db.com/exploits/44584/https://www.zerodayinitiative.com/advisories/ZDI-19-367/http://www.securityfocus.com/bid/103297