Lucene search

K

ChromeCVELIST:CVE-2018-18356

HistoryDec 11, 2018 - 3:00 p.m.

CVE-2018-18356

2018-12-1115:00:00

Chrome

www.cve.org

2

9.2 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CNA Affected

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "71.0.3578.80",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html

www.securityfocus.com/bid/106084

access.redhat.com/errata/RHSA-2018:3803

access.redhat.com/errata/RHSA-2019:0373

access.redhat.com/errata/RHSA-2019:0374

access.redhat.com/errata/RHSA-2019:1144

chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

crbug.com/883666

lists.debian.org/debian-lts-announce/2019/02/msg00023.html

lists.debian.org/debian-lts-announce/2019/02/msg00024.html

security.gentoo.org/glsa/201903-04

security.gentoo.org/glsa/201904-07

security.gentoo.org/glsa/201908-18

usn.ubuntu.com/3896-1/

usn.ubuntu.com/3897-1/

www.debian.org/security/2018/dsa-4352

www.debian.org/security/2019/dsa-4391

www.debian.org/security/2019/dsa-4392

9.2 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

Related for CVELIST:CVE-2018-18356