8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.8%
Google Chrome Releases reports:
43 security fixes in this release, including:
High CVE-2018-17480: Out of bounds write in V8
High CVE-2018-17481: Use after free in PDFium
High CVE-2018-18335: Heap buffer overflow in Skia
High CVE-2018-18336: Use after free in PDFium
High CVE-2018-18337: Use after free in Blink
High CVE-2018-18338: Heap buffer overflow in Canvas
High CVE-2018-18339: Use after free in WebAudio
High CVE-2018-18340: Use after free in MediaRecorder
High CVE-2018-18341: Heap buffer overflow in Blink
High CVE-2018-18342: Out of bounds write in V8
High CVE-2018-18343: Use after free in Skia
High CVE-2018-18344: Inappropriate implementation in Extensions
High To be allocated: Multiple issues in SQLite via WebSQL
Medium CVE-2018-18345: Inappropriate implementation in Site Isolation
Medium CVE-2018-18346: Incorrect security UI in Blink
Medium CVE-2018-18347: Inappropriate implementation in Navigation
Medium CVE-2018-18348: Inappropriate implementation in Omnibox
Medium CVE-2018-18349: Insufficient policy enforcement in Blink
Medium CVE-2018-18350: Insufficient policy enforcement in Blink
Medium CVE-2018-18351: Insufficient policy enforcement in Navigation
Medium CVE-2018-18352: Inappropriate implementation in Media
Medium CVE-2018-18353: Inappropriate implementation in Network Authentication
Medium CVE-2018-18354: Insufficient data validation in Shell Integration
Medium CVE-2018-18355: Insufficient policy enforcement in URL Formatter
Medium CVE-2018-18356: Use after free in Skia
Medium CVE-2018-18357: Insufficient policy enforcement in URL Formatter
Medium CVE-2018-18358: Insufficient policy enforcement in Proxy
Medium CVE-2018-18359: Out of bounds read in V8
Low To be allocated: Inappropriate implementation in PDFium
Low To be allocated: Use after free in Extensions
Low To be allocated: Inappropriate implementation in Navigation
Low To be allocated: Inappropriate implementation in Navigation
Low To be allocated: Insufficient policy enforcement in Navigation
Low To be allocated: Insufficient policy enforcement in URL Formatter
Medium To be allocated: Insufficient policy enforcement in Payments
Various fixes from internal audits, fuzzing and other initiatives
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.068 Low
EPSS
Percentile
93.8%