chromium-browser: Heap buffer overflow in WebGL

🗓️ 30 Jul 2018 15:10:23Reported by RedHatType

Chromium Web Graphics Library heap buffer overflow in Chrome before 68.0.3440.75 allows remote heap corruption via crafted HTML page.

Reporter	Title	Published	Views	Family All 48
FreeBSD	chromium -- multiple vulnerabilities	24 Jul 201800:00	–	freebsd
CNVD	Google Chrome heap buffer overflow vulnerability (CNVD-2018-17041)	25 Jul 201800:00	–	cnvd
CVE	CVE-2018-6154	27 Jun 201916:13	–	cve
Cvelist	CVE-2018-6154	27 Jun 201916:13	–	cvelist
Debian	[SECURITY] [DSA 4256-1] chromium-browser security update	27 Jul 201805:15	–	debian
Debian	[SECURITY] [DSA 4256-1] chromium-browser security update	27 Jul 201805:15	–	debian
Debian CVE	CVE-2018-6154	27 Jun 201916:13	–	debiancve
Tenable Nessus	Debian DSA-4256-1 : chromium-browser - security update	27 Jul 201800:00	–	nessus
Tenable Nessus	Fedora 28 : chromium (2018-499f2dbc96)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 27 : chromium (2018-4a16e37c81)	24 Sep 201800:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	chromium-browser	0:68.0.3440.75-1.el6_10	chromium-browser-0:68.0.3440.75-1.el6_10.i686.rpm
Red Hat Enterprise Linux	6	x86_64	chromium-browser	0:68.0.3440.75-1.el6_10	chromium-browser-0:68.0.3440.75-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux	6	i686	chromium-browser-debuginfo	0:68.0.3440.75-1.el6_10	chromium-browser-debuginfo-0:68.0.3440.75-1.el6_10.i686.rpm
Red Hat Enterprise Linux	6	x86_64	chromium-browser-debuginfo	0:68.0.3440.75-1.el6_10	chromium-browser-debuginfo-0:68.0.3440.75-1.el6_10.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2018-6154
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
chromereleases	www.chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-6154
cve	www.cve.org/CVERecord

13 Jan 2026 21:26Current

7.4High risk

Vulners AI Score7.4

CVSS 26.8

CVSS 38.8

EPSS0.00301