Lucene search
CVE-2018-16068
Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page
Show more
| Reporter | Title | Published | Views | Family All 41 |
|---|---|---|---|---|
 | Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation Exploit | 18 Oct 201800:00 | – | zdt |
 | CVE-2018-16068 | 9 Jan 201919:29 | – | debiancve |
 | Input validation | 9 Jan 201919:29 | – | prion |
 | CVE-2018-16068 | 9 Jan 201919:29 | – | nvd |
 | CVE-2018-16068 | 9 Jan 201919:00 | – | cvelist |
 | CVE-2018-16068 | 9 Jan 201900:00 | – | ubuntucve |
 | CVE-2018-16068 | 5 Sep 201804:32 | – | redhatcve |
 | Google Rolls Out 40 Fixes with Chrome 69 | 5 Sep 201818:34 | – | threatpost |
 | [SECURITY] [DSA 4289-1] chromium-browser security update | 8 Sep 201803:21 | – | debian |
 | Debian DSA-4289-1 : chromium-browser - security update | 10 Sep 201800:00 | – | nessus |
10
Node
Node
OROR
[
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "69.0.3497.81",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| read_offset | request body | /mojo/edk/system/data_pipe_consumer_dispatcher.cc | Missing validation in deserialization routines leading to potential out-of-bounds read/write | CWE-20 |
| write_offset | request body | /mojo/edk/system/data_pipe_producer_dispatcher.cc | Missing validation in deserialization routines leading to potential out-of-bounds read/write | CWE-20 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo09 Jan 2019 19:29Current
8.4High risk
Vulners AI Score8.4
CVSS26.8
CVSS39.6
EPSS0.0154