Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-16068

🗓️ 09 Jan 2019 19:00:00Reported by ChromeType 
cve
 cve🔗 web.nvd.nist.gov👁 135 Views🌐 WEB

Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation Exploit
18 Oct 201800:00
zdt
BDU FSTEC		The vulnerability of the Mojo messaging library in Google Chrome allows a hacker to elevate their privileges and escape from the isolated software environment.
3 Dec 201900:00
bdu_fstec
CNVD		Google Chrome Mojo has an unspecified vulnerability
7 Sep 201800:00
cnvd
Cvelist		CVE-2018-16068
9 Jan 201919:00
cvelist
Debian		[SECURITY] [DSA 4289-1] chromium-browser security update
8 Sep 201803:21
debian
Debian CVE		CVE-2018-16068
9 Jan 201919:00
debiancve
Tenable Nessus		Debian DSA-4289-1 : chromium-browser - security update
10 Sep 201800:00
nessus
Tenable Nessus		Fedora 28 : chromium (2018-13d8c35127)
3 Jan 201900:00
nessus
Tenable Nessus		Fedora 29 : chromium (2018-39be36e9fc)
3 Jan 201900:00
nessus
Tenable Nessus		Fedora 27 : chromium (2018-4a16e37c81)
24 Sep 201800:00
nessus
Rows per page
NVD
Vulners
Node
googlechromeRange<69.0.3497.81
Node
debiandebian_linuxMatch9.0
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_workstationMatch6.0
[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "69.0.3497.81",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
state.write_offsetnestedgooglechrome.github.io/samples/service-worker/basic/Deserialization flaw in Mojo DataPipeProducerDispatcher can accept an out-of-bounds write_offset, leading to OOB write during WriteData.CWE-20
state.options.capacity_num_bytesnestedgooglechrome.github.io/samples/service-worker/basic/Deserialization flaw in Mojo DataPipeProducerDispatcher can accept an out-of-bounds write_offset, leading to OOB write during WriteData.CWE-20
state.options.element_num_bytesnestedgooglechrome.github.io/samples/service-worker/basic/Deserialization flaw in Mojo DataPipeProducerDispatcher can accept an out-of-bounds write_offset, leading to OOB write during WriteData.CWE-20
state.pipe_idnestedgooglechrome.github.io/samples/service-worker/basic/Deserialization flaw in Mojo DataPipeProducerDispatcher can accept an out-of-bounds write_offset, leading to OOB write during WriteData.CWE-20
state.flagsnestedgooglechrome.github.io/samples/service-worker/basic/Deserialization flaw in Mojo DataPipeProducerDispatcher can accept an out-of-bounds write_offset, leading to OOB write during WriteData.CWE-20

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 01:43Current
8.4High risk
Vulners AI Score8.4
CVSS 26.8
CVSS 39.6
EPSS0.01937
CWE-20
cve-2018-16068validationmojogoogle chromesandbox escapesecurity vulnerability
135