CVE-2018-6092

EPSS 9.2%

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 9.2%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Lifecycle

08 Jun 2018Public PoC

04 Dec 2018Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Affected products

Google · Chrome

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/44860/unverified exploitdbwww.exploit-db.com/exploits/44860unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/819869 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://www.exploit-db.com/exploits/44860/http://www.securityfocus.com/bid/103917